More bad passwords revealed in Gawker hack

Are people getting any smarter about password protection?

Have we learned nothing from rockyou.com?

You may recall that earlier this year, security firm Imperva analyzed 32 million passwords that a hacker stole from an application developer called rockyou.com and found that many people were using simple ones, including "password," "rockyou" (the name of the site) and strings of sequential numbers.

Now hackers have once again stolen and posted passwords, this time from Gawker and its related sites, including Gizmodo and Lifehacker.

The most common password, according to a Wall Street Journal analysis of the data dump: "123456," used by more than 3,000 registered Gawker users.

After that:

password
12345678
lifehack (a variation of one of the site names)
qwerty
abc123
111111
monkey
consumer
12345
0
letmein
trustno1 (Fox Mulder's password on "The X Files," and he should have known better.)

The WSJ published the top 50 passwords from this latest hack, along with a detailed analysis.
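The kind of frequency count behind the Imperva and WSJ rankings above is simple to reproduce, and the same count gives a site operator the check that would have kept "123456" out of 3,000 accounts in the first place: a denylist of the passwords that show up repeatedly in a dump. The script below is an added example and is not code from this article, from Imperva or from the WSJ. The dump it analyzes is a small constructed sample in the usual "user:password" leak format, so the counts it prints describe that sample, not the Gawker data.

```python
"""Frequency analysis of a leaked password dump, plus a denylist check.

Added example, not part of the original article. SAMPLE_DUMP is
constructed sample data (hypothetical accounts) in the shape of a
typical leak, one "username:password" pair per line.
"""
from collections import Counter

# Constructed sample dump; these are made-up accounts, not real leaked data.
SAMPLE_DUMP = """\
alice:123456
bob:password
carol:123456
dave:qwerty
erin:123456
frank:lifehack
grace:Tr0ub4dor&3
heidi:password
ivan:12345678
judy:monkey
mallory:123456
oscar:letmein
peggy:password
"""


def parse_dump(text):
    """Yield the password field of each 'user:password' line.

    Splits on the first ':' only, because a password may itself contain
    ':'; lines without a separator or with an empty password are skipped.
    """
    for line in text.splitlines():
        if ":" not in line:
            continue
        _, password = line.split(":", 1)
        if password:
            yield password


def top_passwords(text, n=10):
    """Return the n most common passwords as (password, count), most common first."""
    return Counter(parse_dump(text)).most_common(n)


def build_denylist(text, min_count=2):
    """Passwords seen at least min_count times in the dump, lowercased so that
    'Password' and 'password' are treated as the same weak choice."""
    counts = Counter(p.lower() for p in parse_dump(text))
    return {p for p, c in counts.items() if c >= min_count}


def is_denied(candidate, denylist):
    """Reject a candidate that is on the denylist, or that is a denylisted
    password with digits tacked on the end ('password1'), the usual fix-up
    people make when a site demands a number."""
    c = candidate.lower()
    if c in denylist:
        return True
    stripped = c.rstrip("0123456789")
    return stripped != c and stripped in denylist


if __name__ == "__main__":
    for pw, count in top_passwords(SAMPLE_DUMP, 5):
        print(f"{count:4d}  {pw}")
    deny = build_denylist(SAMPLE_DUMP)
    for cand in ("123456", "Password", "password1", "Tr0ub4dor&3"):
        print(cand, "->", "rejected" if is_denied(cand, deny) else "accepted")
```

In practice the denylist would be built from a large published dump rather than a handful of lines, and the check belongs at registration and password-change time, where it costs the user one retry instead of an account takeover later.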

Security experts recommend people use "strong" passwords, generally defined to be randomized strings of letters, numbers and symbols, with some letters capitalized, not based on any words with personal significance (don't use your dog's name or child's college name, for example). And they also recommend that you have a different password for every site that requires one, change them often, and never write them down.

Most ordinary people find this advice to be laughably unrealistic -- creating and, more importantly, remembering a couple dozen such strong passwords without writing them down is pretty much impossible. (And for sites where the access is needed only to read and comment on articles, with no payment or personal information stored, many people think complex passwords are superfluous.)

But when we asked our readers, after reporting on the rockyou hack, for tips, we got a few really good ones. Among them:

  • Open a favorite book to a random page and find a phrase. The phrase becomes the password. You can write down the page and line number safely -- it will look like "73 14," and it's doubtful anybody will know what it means. If someone does figure it out, they'd still have to guess which book.
  • Memorize your finger movements when you create the password. When you change it, start on a different first key but make the same movements. You end up with a new, unguessable password already stored in your muscle memory.
  • Combine meaningful phrases and dates with other symbols and codes. One reader told us: "I went to Disney World in 1996, so I start with '96DIsneyworld' (using uppercase for the first two letters). I precede that with two special characters that I always keep the same. Then I precede that with the first letter again in lowercase. That gives me 'd,,96DIsneyworld'. To avoid using the very same password on all my various accounts, for each one I add a lowercase letter just after the digits that represents the system to me (e.g. 't' for the Timesheet system, 'e' for e-mail). This would give me 'd,,96tDIsneyworld' for my Timesheet password."
  • E. Miller of Portland, Ore., recommended making passwords out of stories. "'I walked down Bourbon Street with Sarah in 1992' can be 'bourbon1992Sarah' or many other variations."

About the Author

Technology journalist Michael Hardy is a former FCW editor.
