What Everyone Missed About the Gawker Password Scandal

A few weeks ago the internet exploded with news about the servers that host the Gawker blogs (Gizmodo, Lifehacker, Jezebel, etc.) being compromised by a distributed group of crackers known as Gnosis. Though the attack itself was covered fairly well by various tech publications (and less so by the traditional media, as usual), there was a recurring theme that just seems wrong.

Many people commenting on the breach, whether in editorials, podcasts or discussion forums, would bring up how strong the users’ cracked passwords were. A large percentage of users had weak passwords like qwerty, password, 123456, or monkey. Yes, they are obviously weak passwords. However, I think it’s wrong to use them as an example of bad user-end security practices.

I, for one, would never use one of my more secure passwords for an account on a blog or discussion forum. I would be likely to come up with a throwaway that I would never use on a site where I would care if it were compromised. Considering that Gawker’s readers are probably a little more tech-savvy than your grandparents, why assume that they wouldn’t take the same approach? Given Gawker’s security breach, I think it’s a well-justified method to use.

  • http://news.runtowin.com Blaine Moore

    I use LastPass to generate a new password for every single site I come to…and before I started using LastPass, I used the password hasher plugin for Firefox that wijjo put out.

    So, every single website that needed a password got a secure one, and they were all different. Best of all worlds.

  • Kevin

    I’m with you 100%

    My password did get leaked…it was “asdfasdf”

    It’s comments on a blog.

    Worst case scenario, someone steals my account and posts fake comments….

    Really not at the top of the list in my security concerns…