A timely reminder to use strong passwords

You may have read about a security breach at Gawker Media, the company behind several websites including Lifehacker.

The server files have been posted at various locations around the web, so I thought I’d take a look. Finding your own email address and decrypted password in a file obtained online is a sobering experience, I can tell you. Fortunately, it was not a password that I use elsewhere, so no damage done. It was, however, a ridiculously “soft” password (all digits, if you must know).

Of course, my thoughts soon turned to data analysis. A quick and dirty bash one-liner reveals the top 10 passwords…

cut -d " " -f 3 parsed_db.txt | \
awk '{count[$1]++} END {for (j in count) print j, count[j]}' | \
sort -nrk2 | head

123456 3057
password 1955
12345678 1119
lifehack 661
qwerty 418
abc123 333
111111 311
monkey 300
consumer 273
12345 253

OK, now I don’t feel quite so bad. At least my digits were mixed up a little…

Next, I exported my GMail address book and used R to match the email addresses in the file. I won’t bore you with the details. I found four of my contacts (one password still encrypted, three cracked) and notified them. Hopefully, they won’t think my uncharacteristic Twitter DMs are further evidence of a breach.
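The same contact check can be done in the shell; this is an added example, not the author's R code. It assumes the e-mail address sits in field 2 of the space-delimited dump (the post only shows that the password is field 3), and it prints matching addresses only, never the password field. The sample data is constructed.

```bash
#!/bin/sh
# Added example: list which address-book contacts appear in a breach dump.
# Assumption (not from the post): the dump is space-delimited with the
# e-mail address in field 2. The address book can be any text/CSV export.

# exposed_contacts CONTACTS_FILE DUMP_FILE
# Prints each contact address found in the dump, lower-cased, one per line.
# Only the address is printed; the password field is never echoed.
exposed_contacts() {
    # Pull anything that looks like an e-mail address out of the export, so
    # the CSV column layout does not matter; normalise case and de-duplicate.
    grep -oiE '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}' "$1" \
        | tr '[:upper:]' '[:lower:]' | sort -u \
        | awk -v email_field=2 '
            NR == FNR { wanted[$0] = 1; next }   # first input: contact list
            {
                addr = tolower($email_field)     # dump may differ in case
                if ((addr in wanted) && !(addr in seen)) {
                    seen[addr] = 1               # report each contact once
                    print addr
                }
            }' - "$2" | sort
}

# Constructed sample data: a Gmail-style CSV export and a four-line dump.
demo_exposed() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'Name,E-mail 1 - Value' \
        'Alice Example,Alice@Example.com' \
        'Bob Example,bob@example.org' \
        'Carol Example,carol@example.net' > "$tmp/contacts.csv"
    printf '%s\n' '1001 alice@example.com 123456' \
        '1002 dave@example.com qwerty' \
        '1003 CAROL@example.net' \
        '1004 alice@example.com 123456' > "$tmp/dump.txt"
    exposed_contacts "$tmp/contacts.csv" "$tmp/dump.txt"
    rm -rf "$tmp"
}

demo_exposed
```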

Take-home message: use strong passwords. Change them from time to time and don’t use the same one for multiple sites. It can happen to the best of us.

2 thoughts on “A timely reminder to use strong passwords”

  1. I have been slowly changing my “soft” password over the last few months to something a little stronger, and I never keep it the same as my email address. Events like this make me glad that I took the time.