I know your password

Jon Fisher


Most Internet-savvy users know that when they log into their banking they should check for the https in the address bar and look for the padlock at the bottom of the browser, but is that enough to protect our on-line identities? The recent Gawker breach has left many unsure of the security of the sites they visit as well as of their own practices. Gawker was compromised on December 12th, 2010; this resulted in a security breach at Gawker and each of its sister sites: Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9, and Fleshbot. 1.3 million passwords were leaked, revealing some very common ones. The top 13 passwords used on these sites were:

1. 123456
2. password
3. 12345678
4. lifehack
5. qwerty
6. abc123
7. 111111
8. monkey
9. consumer
10. 12345
11. 0
12. letmein
13. trustno1

More than 3,000 people chose 123456 as their password, and 1,000 more decided that adding 78 to the end made their password more secure. Almost 2,000 people used the word password as their password. These numbers should be alarming in and of themselves, and although they reflect the use of simple passwords on almost all sites, the bigger problem is in the aftermath. The attackers then used each of these users’ passwords to break into thousands of Twitter, Facebook, and email accounts. It seems the biggest problem is in using the same password for every site that one visits. A study found that only 19% use different passwords for every site they visit.

Since you can’t depend on every site to have great security, it seems you need to take a few steps on your own. I’ve read of people using extreme cryptographic processes to generate and use extremely secure passwords with numbers, symbols, punctuation, capital letters, and lowercase letters (such as TZ'k}T'p39m-Y>4d); they suggest that the user change his or her password very often and use only one password per site, and that works for some people. If you are the type that would like to remember each of these complex passwords for each site, changing them regularly, I support you. But for the rest of us, where do we find the right balance between security and convenience without having to write down each of our passwords (thus defeating the point of security)?

For starters, I would suggest using a secure password that is not easily guessable, and using one per site. With all of the passwords to all of the sites that we use, and with all of the hackers that are out there, chances are some of them will be hacked. The only question is how many of your accounts they will have access to once they hack an easy site.
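To make the two points above concrete, here is an added example (not part of the original post) that screens a candidate password against the Gawker top-13 list, including trivial variants such as a trailing digit run, and then counts how many of one user's accounts fall when a single site's password leaks. The two sample users and their passwords are constructed for illustration.

```python
import re

# The 13 most common passwords in the Gawker dump, as listed in the post.
GAWKER_TOP13 = (
    "123456", "password", "12345678", "lifehack", "qwerty", "abc123", "111111",
    "monkey", "consumer", "12345", "0", "letmein", "trustno1",
)

_TRAILER = re.compile(r"[\d\W_]+$")  # trailing digits or punctuation, e.g. "...78", "...!"

def base_word(pw):
    """Lower-case pw and drop a trailing run of digits or punctuation, so
    'Monkey99' and 'password!' collapse onto the word that is really being reused.
    All-digit passwords have no base word and are returned unchanged."""
    lowered = pw.lower()
    base = _TRAILER.sub("", lowered)
    return base or lowered

# Normalized forms of the denylist, computed once.
_DENY_EXACT = set(GAWKER_TOP13)
_DENY_BASES = {base_word(p) for p in GAWKER_TOP13}

def is_common(pw):
    """True if pw is one of the leaked top-13 passwords or a trivial variant of one."""
    return pw.lower() in _DENY_EXACT or base_word(pw) in _DENY_BASES

def exposure(credentials, leaked_site):
    """credentials maps site -> password for one user. Return the sites an attacker
    could log into after learning leaked_site's password and trying it everywhere
    else, which is what happened to Twitter, Facebook and email accounts after Gawker."""
    leaked = credentials[leaked_site]
    return {site for site, pw in credentials.items() if pw == leaked}

def worst_case(credentials):
    """Largest number of accounts lost from any single leaked site."""
    return max(len(exposure(credentials, site)) for site in credentials)

# Constructed sample users (not real data): one reuses a leaked password everywhere,
# the other uses a distinct password per site.
REUSER = {"gawker": "monkey", "twitter": "monkey", "facebook": "monkey", "email": "monkey"}
UNIQUE = {"gawker": "monkey", "twitter": "c8R!vq2Lp#", "facebook": "Hn7$wz9Kt", "email": "x4Zq@m1Rbv"}

if __name__ == "__main__":
    for pw in ("123456", "Password1", "monkey2010", "TZ'k}T'p39m-Y>4d"):
        print(f"{pw!r:22} common={is_common(pw)}")
    print("reuser loses", worst_case(REUSER), "accounts; unique-per-site loses", worst_case(UNIQUE))
```

Both users have the same weak Gawker password; only the one who reused it loses the other three accounts.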