Passwords - Please Be Smart! (Gawker vs. 4chan)
So events have transpired today in what seems to be a tussle between Gawker (group of blogs that brings us such stuff as Kotaku and Gizmodo) and 4chan (image board that brings me Persona hentai and pictures of cute traps).
The exacts of this aren't really important, and let's be honest, a lot of you probably don't care. However, why you should care, at least a little, is that a group of script kids (who may or may not be directly tied to 4chan) hacked the hell out of Gawker's databases, and now thousands of email addresses and passwords for accounts on Gawker sites are out there.
Did Your Account Get Nabbed?
First: go check to see if any of your email addresses show up. Follow the below instructions, and if you get a hit on any servers (such as "gmail.com"), then your info for your Gawker account is out there.
1. Go here: Converting your email address to MD5
2. Enter your email address under "Input", and click on "MD5". Copy the "Result".
3. Then go here: The database
4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If ANYTHING shows up in the search results (e.g. xxxx.com where xxxx is the domain of your email address), then your password has been compromised and sooner or later will be hacked if they feel like it.
Personally, I'd do a search for any active-use email addresses you have, even if you can't remember using them on a Gawker site. You know, just to be safe.
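The same check can be run locally, so the address itself never has to be typed into a third-party converter. This is an added example, not part of the original post; it assumes you have a list of MD5 digests to compare against (the sample index below is constructed) and that the index hashed addresses either as typed or lower-cased.

```python
import hashlib

def md5_hex(text: str) -> str:
    # MD5 is used only because the lookup is keyed on it, not for protection.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def candidate_digests(address: str) -> set:
    """Digests worth trying for one address: as typed, and lower-cased.

    How the index normalised addresses is an assumption, so try both.
    """
    typed = address.strip()
    return {md5_hex(typed), md5_hex(typed.lower())}

def exposed_addresses(my_addresses, leaked_digests):
    """Return the addresses from my_addresses that appear in the digest list."""
    leaked = {d.strip().lower() for d in leaked_digests}
    return [a for a in my_addresses if candidate_digests(a) & leaked]

# Constructed sample index: one address stored lower-cased, one stored as
# typed, and one digest written in upper-case hex.
SAMPLE_INDEX = [
    md5_hex("alice@example.com"),
    md5_hex("Bob@Example.org").upper(),
]

if __name__ == "__main__":
    mine = ["Alice@example.com ", "carol@example.net", "Bob@Example.org"]
    for hit in exposed_addresses(mine, SAMPLE_INDEX):
        print("found in index:", hit.strip())
```

A miss only means the exact spellings tried are absent: an address stored with different capitalisation than either candidate will not match.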
The other point to bring up is the question of password security. I know how it goes: in this day and age, it seems like every website wants you to make an account before you can do anything, so your list of usernames and passwords is a mile long. At some point, trying to remember them all is a lost cause, and complex password management can be a hassle for some. So, even the best of us have done it at times - using the same password for multiple websites.
Being Smarter About Passwords in General
Having a Gawker account hacked may be of little concern. The problem is, if you used a password on there that you've also used in other places, and if you - like most - tend to stick with one common username, the information leaked from Gawker could give somebody access to your account somewhere else if they take the time to try. Is it going to happen? Probably not. But you never know.
Not that I'm any kind of password expert or anything, but I've tried a number of various methods for handling passwords. Having a few common ones, using phrases I associated with the website, taking a word and the site name and inter-mixing the letters, having a password storage app, random password generators, tons of things. Every solution I tried either left me feeling like my passwords weren't secure enough, or keeping track of everything was an utter pain.
The solution I found is a password generation system, but not the random kind. The idea is this: you provide one string that is "fixed", and one string that is a variable. So, we start with a password, something easy for us to remember. In this case, let's say "northkoreaisbestkorea". The second string would be dependent on the site or service we want to use it with. So, let's say we're making a password for here, so we use "thenextlevel". Using those two strings, the password generator I use - under the way I have it set up - gives us the password "ACq6ekICuasa".
Totally random-looking, unique one-use password, but how in the world do you remember that? That's the great part; you don't! All you remember is the one keyphrase you want to use, and then the system for how to determine the second variable. If you can remember that, then you can always retrieve your password, and you also gain the extra level of security in not having to write anything down.
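A sketch of how a fixed phrase plus a per-site string can be turned into a repeatable password, added here as an example and not taken from the original post. It is not Mnemosyne's algorithm and will not reproduce "ACq6ekICuasa"; the use of PBKDF2, the iteration count, the salt layout and the charset names are all assumptions.

```python
import hashlib
import string

# Assumed option names mirroring "letters", "letters and numbers", and
# "letters + numbers + other printable characters".
CHARSETS = {
    "letters": string.ascii_letters,
    "alnum": string.ascii_letters + string.digits,
    "full": string.ascii_letters + string.digits + string.punctuation,
}

def derive_password(master: str, site: str, length: int = 12,
                    charset: str = "alnum", iterations: int = 200_000) -> str:
    """Derive the same password every time from (master phrase, site label)."""
    alphabet = CHARSETS[charset]
    # Bytes at or above this limit are discarded so that every character of
    # the alphabet is equally likely (no modulo bias).
    limit = 256 - (256 % len(alphabet))
    label = site.strip().lower()  # "TheNextLevel " and "thenextlevel" agree
    chars, block = [], 0
    while len(chars) < length:
        # The slow KDF makes guessing the master phrase from one leaked
        # site password expensive; the site label acts as the salt.
        salt = f"{label}|{charset}|{length}|{block}".encode("utf-8")
        stream = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                                     salt, iterations, dklen=64)
        for byte in stream:
            if byte < limit and len(chars) < length:
                chars.append(alphabet[byte % len(alphabet)])
        block += 1
    return "".join(chars)

if __name__ == "__main__":
    phrase = "northkoreaisbestkorea"  # the example phrase used in the post
    for site in ("thenextlevel", "example.org"):
        print(site, "->", derive_password(phrase, site))
```

Every derived password depends on the one phrase, so anyone who learns that phrase and the scheme can regenerate all of them.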
Recommendations
Mnemosyne
This is what I use. It's simple, easy, and best of all, there's both a Mac client and a free iPhone app. That way, even when away from my computer, a few seconds of fiddling with my iPhone and I can have my password for any site I need to log into. What's also nice is I can decide the length of the password I want and if it should include just letters, letters and numbers, or letters + numbers + ASCII characters. I don't believe there's a Windows version, but I'm sure a similar type of app (or many of them) exists out there.
Password Chart (http://www.passwordchart.com/)
Same kind of idea, but done completely over the web. Doesn't give you all of the options that a dedicated app like Mnemosyne does, and requires an internet connection, but it could be a good solution for at least making a more secure password that you then put into a password management system of some sort.
Again, I'm no expert on all of this, and if anybody has other suggestions they'd like to make, please do so! If you take nothing else away from my ridiculously long post, however, please take a moment to think about your password safety. When it comes to account hacking or theft, things are only going to get worse, not better. Having somebody break into one of your accounts would really suck, but having a set of passwords that makes it easy for them to then break into a bunch of your other accounts is far, far worse. Keep yourself and your information as safe as possible; separate sites, separate passwords, and not simple words that could easily be brute forced!
WARNING: This post may contain violent and disturbing images.