The Top 50 Gawker Media Passwords
wiredmikey writes "Readers of Gizmodo, Lifehacker and other Gawker Media sites may be among the savviest on the Web, but the most common password for logging into those sites is embarrassingly easy to guess: "123456." So is the runner-up: "password." On Sunday night, hackers posted online a trove of data from Gawker Media's servers, including the usernames, email addresses and passwords of more than one million registered users. The passwords were originally encrypted, but 188,279 of them were decoded and made public as part of the hack. Using that dataset, we found the 50 most-popular Gawker Media passwords."
I use a stupid password for stupid sites (Score:5, Interesting)
The idea that a password is necessary for such an account is idiotic. No one cares about hacking it (or if you do, then you have an unhealthy obsession with TV).
Gawker is a similar timewaster. Wasting your brain power to create/remember a good password for it is foolish.
I see nothing wrong with using "123456" or "password" for it. I am also pretty sure that most intelligent people that use stupid passwords for stupid web sites, don't use stupid passwords for their bank account or their primary email (but maybe for an email they feed to spammers that offer 'deals' if you give them your email.)
Perfect example: (Score:5, Interesting)
and today after checking my lists, I realized that I used the same password on both Slashdot (frequented!) and Digg (haven't visited since v4). Whatever, I changed it on both of these sites. I didn't bother touching it on Gawker now that I know I can't trust them to actually understand password security.
And the reason is (Score:4, Interesting)
that people probably don't care if someone steals their "commenting" account password.
The only reason to create it in the first place was because they just wanted to show their nick.
I bet if someone checked Washington Post account database passwords, there'd be the same amount of "Blahblahs" and "F*ckoff123".
This is why I use tiered passwords. (Score:4, Interesting)
This way, I have damage control. If something gets compromised, it's not going to affect as much. Gawker gets hacked, I change my password for a dozen websites, but don't have to worry about my email being stolen or my bank account being drained. Likewise, if someone does manage to hijack my email account, I can tell people over Facebook that it happened, and not to trust that email address anymore. Yes, it's still not as secure as unique passwords for every site, but it's significantly easier on the memory.
Re:Not Really Sold on the Correlations (Score:5, Interesting)
That's what OpenID delegates are for. I have a page set up that I log in to OpenID sites with, and that page contains metatags to forward to the provider of my choice. Provider goes down, I can switch internally and never change my login URL.
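The delegation setup described in the comment above, as an added example that is not part of the original thread: the HTML discovery step a relying party performs, reading the `openid2.provider`/`openid2.local_id` (OpenID 2.0) and `openid.server`/`openid.delegate` (OpenID 1.1) link tags from the user's own page. The function names, URLs and page contents are constructed for illustration.

```python
from html.parser import HTMLParser

# rel values used for HTML-based discovery in OpenID 2.0 and OpenID 1.1
REL_MAP = {
    "openid2.provider": ("2.0", "provider"),
    "openid2.local_id": ("2.0", "local_id"),
    "openid.server": ("1.1", "provider"),
    "openid.delegate": ("1.1", "local_id"),
}

class _HeadLinks(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}  # (version, role) -> href, first occurrence wins

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:  # links outside <head> are not honored
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in REL_MAP and a.get("href"):
                    self.found.setdefault(REL_MAP[rel], a["href"])

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_id, html):
    """Return the provider the page delegates to, preferring OpenID 2.0 tags."""
    p = _HeadLinks()
    p.feed(html)
    for version in ("2.0", "1.1"):
        provider = p.found.get((version, "provider"))
        if provider:
            return {"claimed_id": claimed_id, "version": version, "provider": provider,
                    "local_id": p.found.get((version, "local_id"), claimed_id)}
    return None  # page does not delegate

# Constructed sample: the same login URL before and after switching provider.
CLAIMED = "https://alice.example/"
PAGE_A = """<html><head>
<link rel="openid2.provider openid.server" href="https://provider-a.example/endpoint">
<link rel="openid2.local_id openid.delegate" href="https://alice.provider-a.example/">
</head><body><link rel="openid2.provider" href="https://ignored.example/"></body></html>"""
PAGE_B = """<html><head><link rel="openid.server" href="https://provider-b.example/op" />
<link rel="openid.delegate" href="https://provider-b.example/users/alice" /></head></html>"""
```

The claimed identifier is identical for both pages, so whoever can edit the delegating page decides which provider vouches for that identity; the page needs the same protection as the account itself.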