There’s been a lot of talk over the past couple of days, since Gawker was hacked, about how embarrassingly insecure its users’ passwords were. More than 3,000 users had “123456” as their password; almost 2,000 had “password”. There’s a long tradition of servicey journalism explaining how to generate secure yet memorable passwords, and telling those of us with insecure passwords that “what you’re doing now is going to come back to bite you”.
As someone whose password was on the Gawker list, I will agree it is annoying. But I think what is being missed here is the sheer protest. We all hate constantly being asked to come up with passwords, especially for silly things like Gawker comments. Now it is not enough just to have a password, it also has to be secure? Come on.
My general feeling about using unsafe passwords is much like my feeling about hopping on an unencrypted WiFi network at the local coffee shop: real security comes from the fact that nobody has the slightest interest in cracking my Gawker commentator account or in getting a preview of a blog post I am writing about government negotiations.
Gnosis has shown that if a sophisticated computer hacker is really determined to break into my life, they are probably able to do so. Using strong passwords will slow them down, but it won’t stop them. The most commonly used password in the Gawker list, 123456, was used by only 0.2% of people, that is 3,000 of 1.5 million. If you try to guess my password with brain rather than computer-assisted brawn, it won’t be easy, even if it is in the dictionary somewhere. And if you use computer brawn to attempt to break into my life, I probably have greater problems than weak passwords.
What is needed, I think, is some kind of empirical data on people who have had their passwords hacked or stolen. How often does this happen? What are the chances it happened to me? And how much safer do people become when they move from insecure to secure passwords? Without any numbers for all these things, it is easy to understand why people refuse to buy into the paranoia of techies.