The popular Gawker/Lifehacker network was hacked this week, compromising tens of thousands of passwords. This news provides an excuse for a couple of paragraphs of boastful geekery in the fascinating area of password management.
I spend a lot of my day roaming the Internet and the various services it has to offer, both for work and personal matters. In many cases, I operate an organisational and personal account (for example, @englishpen and @robertsharp59 on Twitter). Logging in and out of the various accounts can be a drag, but I’ve recently started using the Sxipper password management tool for Firefox. Browsers already have the capacity to remember your passwords of course, but usually only one per site. Sxipper stores all the possible options and lets me choose. A Godsend.
This transition has allowed me to become a little more rigorous in managing personal privacy. Prompted by this salutary tale from Cory Doctorow, I decided that I would create unique passwords for new websites I sign up for.
I carefully tapped in my password, clicked the login button, and then felt my stomach do a slow flip-flop as I saw the URL that my browser was contacting with the login info: http://twitter.scamsite.com … And that’s when I realized that I’d been phished. And it was bad. Because I’d signed up for Twitter years ago, when Ev Williams, Twitter’s co-founder, sent me an invite to the initial beta. I’d used a password that I used for all kinds of sites, back before I started strictly using long, random strings that I couldn’t remember for passwords. … What’s more, Twitter isn’t the only place where I used my “low-security” password that has turned into a high-security context, which means that hijackers could conceivably break into lots of interesting places with that information.
The recent Gawker breach only reinforces Cory’s advice to use a different password for each site. Back in the day, before my laptop was stolen, I would use the same password for all websites, as (I guess) most people continue to do. It was only after the theft that I began to diversify, and only in recent months have I gone the whole random hog and started to use opaque strings. To do this with ease, I have bookmarked PC Tools Random Password Generator.
JR Raphael at the PC World blog has an interesting article on all this: Gawker Hack Exposes Ridiculous Password Habits. Apparently “12345” is the most common password, followed closely by “password”, obviously. If those combinations feel a little too close to home, it would be wise to make some changes to your own online life, ASAP.