Gawker Hack Exposes Ridiculous Password Habits

[nsane.forums]

Whew! Is it just me, or is it getting tough to keep track of all the info spilled via this week's massive Gawker hack?

The please-don't-call-it-Gawkergate Gawker hacking story sprung up over the weekend, when a group known as "Gnosis" apparently made its way into the servers of Gawker Media. Gawker Media, if you aren't aware, is a publication group that runs gossip blog Gawker (no big surprise there) along with a slew of other websites like Lifehacker, Gizmodo, and Jezebel.

Long story short, the hackers danced away with boatloads of secrets, including the e-mail addresses and passwords of more than a million Gawker users (and some Gawker staff members, too). Now, we're getting a glimpse at just how absurdly poor some of those passwords were.

Gawker Hack: The Password List

The data-diving crew from The Wall Street Journal analyzed some of the hacked Gawker data in order to find trends in people's password selections. They looked at a sample of 188,279 passwords that was decrypted and made public.

Among the most common passwords they found in the list:

• "123456." This was actually the most popular password of all. As far as I can tell, this indicates one of two things: (a) Lots of people are careless about security; ( B ) Lots of Gawker accounts belong to Elmo.

• "password." The second most popular password in the list. Evidently, some folks interpret the "Password" prompt as a CAPTCHA field.

• "lifehack." Did someone order an extra-large helping of irony?

• "qwerty." When in doubt, just run your fingers across the keyboard.

• "monkey." One of the more curious items in Gawker's password database. I blame Peter Gabriel.

• "letmein." When you think about it, it really is quite impressive: After all these years, this computing classic is still in style.

• "trustno1." Right. Especially people who use passwords like "trustno1."

• "passw0rd." Oh, do you see what they did there? It's like "password," but not. Good one.

• "cheese." Mmm...cheese. What were we talking about, again?

Ah, yes -- passwords. Perhaps the most surprising twist in all of this is that Gawker's staff didn't do much better. According to Forbes, 15 Gawker staffers had passwords consisting of common words (or "slight variations thereof"). One staff member reportedly used his own name followed by the number "1."

If you aren't sure why any of these scenarios are troubling, please smack yourself in the face (gently -- we don't need any lawsuits here). Then go read up on basic password hygiene, or just grab a utility like LastPass, named one of PCWorld's "Best Products of 2009." It'll generate complex passwords for you and store them securely in the cloud.

Curious if you're among the registered Gawker users whose info has been exposed, by the way? Slate.com has created a handy tool to search the database for your username or e-mail address. If you find yourself listed, check out these tips for some suggestions on what to do next.

And for the love of cheese, never make your password "password" again.

View: Original Article

[DKT27]

Somehow I always knew that 12345 is used by a pretty large number of people. But never thought it would top the list. ^_^

[HX1]

LOL.. :D

Password

- Normal Type

Cnffjbeq

- ROT13

(nffj83q

- Leet

KG5mZmo4M3E=

- Base64 Encode

o4M3E=

- Count necessary letters backwards

o4M3E=

- New Pass

[implague]

LOL.. :D

Password

- Normal Type

Cnffjbeq

- ROT13

(nffj83q

- Leet

KG5mZmo4M3E=

- Base64 Encode

o4M3E=

- Count necessary letters backwards

o4M3E=

- New Pass

what exactly this is? :blink:

[HX1]

It sort of a joke... You start with the word 'Password' encode it in ROT13 ( so nobody knows your password ) then you take that result and turn it into LeetSpeak, ( so nobody knows your password ) then you take that and ( so nobody knows your password ) do a Base64 Encode.. LOL then just in case someone knows your method or idea.. you cut it up in little pieces.. ( so nobody knows your password :P ) SO.. the end result is the word ' Password ' used as a password.. :lmao: That starts out as a an average password and ends as something quite complicated.. not going to be guessed.. and is not reversible.. even in storing one you can add all kinds of thing and only know what part is it... :D

[implague]

aawww very copmlicated :blink: what did u did to the password exactly :unsure: i wonder :mellow:

[DKT27]

LOL heath. I should consider a similar method for my next. :)

Tell me, doing so would yield anything? I mean the brute forcers will find o4M3E. Just wanted to know if it has any advantages. :D

[HX1]

Well.. that is just the thing.. they will have to use something that would be something like brute force... so you would have to have something that would be able to do this going in the sign in on a website.. without getting detected or getting the IP Blacklisted from the server.. or showing itself.. and its would be highly unlikely that someone would ever figure out..

Technically, there is no password out there that cannot be broken.. in one way or the other .. but finding something that is unique without a clue.. to your person and includes capitalization, numbers, and special characters would probably be the best possible choice... its not human readable.. nor can it be decrypted by a person.