Death To Passwords



W3WN
12-22-2010, 04:13 PM
Those of you who are fellow IT geeks, or at least interested in security, should read this... even if you don't agree with the author's conclusions: http://www.pcworld.com/article/214616/death_to_passwords.html

The Wall Street Journal analyzed the list of hacked accounts (something like 200,000 of them) from the Gawker hack. Most common password? 123456

Second was password, third was 12345678.

Others of note were letmein, trustno1, passw0rd, and qwerty. (What? No OpenSesame?)

Which for some reason reminds me, in the immortal words of President Skroob, "And somebody change (the password on) my luggage!"

President Skroob (http://www.imdb.com/name/nm0000316/): Did it work? Where's the king?
Dark Helmet (http://www.imdb.com/name/nm0001548/): It worked, sir. We have the combination.
President Skroob (http://www.imdb.com/name/nm0000316/): Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz (http://www.imdb.com/name/nm0943927/): 1-2-3-4-5
President Skroob (http://www.imdb.com/name/nm0000316/): 1-2-3-4-5?
Colonel Sandurz (http://www.imdb.com/name/nm0943927/): Yes!
President Skroob (http://www.imdb.com/name/nm0000316/): That's amazing. I've got the same combination on my luggage.


Barf (http://www.imdb.com/name/nm0001006/): Oh! That's gonna leave a mark

kb2vxa
12-22-2010, 06:17 PM
Santa Claus wears a red suit.
Must be a Communist.
Has long hair and a beard,
Must be a terrorist.
What's in the pipe that he's smoking?

http://www.pcworld.com/article/214630/santa_claus_placed_on_watchlist_as_possible_terrorist.html

n2ize
12-23-2010, 01:35 AM
The "password system" is not inherently insecure as the article claims. It is the way people use it. If someone is stupid enough to use a password that is easily "guessed" then they deserve to get cracked. Smart people use strong passwords.

KG4CGC
12-23-2010, 01:41 AM
The article was only showing a certain Mind Think of passwords.

n6hcm
12-23-2010, 01:48 AM
there is no more room in my brain for passwords and logins. not even if it's wafer-thin.

KG4CGC
12-23-2010, 01:50 AM
there is no more room in my brain for passwords and logins. not even if it's wafer-thin.
I lol'd IRL.

KC2UGV
12-23-2010, 07:45 AM
Any security system is only as strong as the weakest link: Us.

Even Public-Private key encryption is weak to the human condition. Lots of people just leave their private key somewhere easy to find.

W5RB
12-23-2010, 09:27 AM
Well, admins do us a disservice by requiring increasingly absurd standards for passwords, which create combos that are virtually impossible to memorize. Eight characters minimum, no repeating characters, must include alpha, numeric, and special characters, and change every 30 days? You have one each for the computer itself, the domain, and access to your work environment, and you can be fired for writing passwords down? F*** YOU!

People could do themselves a favor by improving their choices, but admins need to give us a break by thinking in the real world some, too. Meantime, the above standards mean I can no longer use old favorites Drowssap or AllenLudden.

W3WN
12-23-2010, 09:34 AM
Well, admins do us a disservice by requiring increasingly absurd standards for passwords, which create combos that are virtually impossible to memorize. Eight characters minimum, no repeating characters, must include alpha, numeric, and special characters, and change every 30 days? You have one each for the computer itself, the domain, and access to your work environment, and you can be fired for writing passwords down? F*** YOU!

People could do themselves a favor by improving their choices, but admins need to give us a break by thinking in the real world some, too. Meantime, the above standards mean I can no longer use old favorites Drowssap or AllenLudden.
Ironically... my company is in the process of rolling out an Enterprise Password Management application called Roboform, which (amongst many other things) will let our users manage their multitude of user ID's and passwords.

I was in the process of putting together the Powderpoint slide show that will be used as part of my teaching/demonstration sessions when I came across the articles about the Gawker hack. So, the information turned out to be very timely.

And... I made full use of the Spaceballs reference, complete with a picture of President Skroob as he realizes that the combination on the Planet Druidia airlock is the same dumb one that's on his luggage. (Yes, my boss was OK with that -- in fact, he's the one who got me the picture!)

W3WN
12-23-2010, 09:36 AM
The "password system" is not inherently insecure as the article claims. It is the way people use it. If someone is stupid enough to use a password that is easily "guessed" then they deserve to get cracked. Smart people use strong passwords.
Well, Gawker's third party (that actually performed their password management) getting hacked didn't help. Nor did the hacker's posting of the entire set of user information out "in the clear."

Doesn't matter how secure your password is, if it's posted in the clear somewhere.

KC2UGV
12-23-2010, 12:54 PM
Well, admins do us a disservice by requiring increasingly absurd standards for passwords, which create combos that are virtually impossible to memorize. Eight characters minimum, no repeating characters, must include alpha, numeric, and special characters, and change every 30 days? You have one each for the computer itself, the domain, and access to your work environment, and you can be fired for writing passwords down? F*** YOU!

People could do themselves a favor by improving their choices, but admins need to give us a break by thinking in the real world some, too. Meantime, the above standards mean I can no longer use old favorites Drowssap or AllenLudden.

That's easy, and this is the trick I tell all users who complain about the need for complex passwords (those rules wouldn't be needed if users didn't pick stuff like "123456" or "asdfghjkl"....):

* Pick a really long sentence (About 20 words), ie: I hate using computers when all I want to do with it is throw it out the window.
* Take the first letter of each word: ihucwaiwtdwiitotw
* Now, change the "i" to a "1", and "o" to a "0", "s" to a "$", and "e" to a "3": 1hucwa1wtdw11t0tw

Now, all you have to do is remember the sentence, and the juxtaposing rules (letter for number). You now have a complex, unguessable, long password.

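The recipe in the post above, as an added example that is not part of the thread: the script derives the initials and applies the post's four swaps mechanically (doing it by hand is how a letter gets dropped; the mechanical result for the 18-word sentence is one character longer than the string typed out in the post), then adds two checks a practitioner would want. The first undoes the swaps and looks the result up in a small constructed list of the Gawker-dump passwords named in this thread, which is the same trick password-cracking rule sets use, so "passw0rd" or "l3tm31n" buys nothing. The second tests the result against the policy W5RB describes; the reading of "no repeating characters" as "no two identical adjacent characters" is an assumption, and the `meets_policy` helper is mine, not anything the thread proposes.

```python
import re

# Substitution rules stated in the post: i->1, o->0, s->$, e->3.
LEET_SUBS = {"i": "1", "o": "0", "s": "$", "e": "3"}

# Constructed list: the Gawker-dump passwords named earlier in this thread.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "letmein", "trustno1", "passw0rd", "qwerty",
}


def first_letters(sentence: str) -> str:
    """Initials of each word, lowercased; punctuation between words is ignored."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", sentence)
    return "".join(w[0].lower() for w in words)


def apply_subs(text: str, subs=LEET_SUBS) -> str:
    """Apply the letter-for-symbol swaps to every matching character."""
    return "".join(subs.get(ch, ch) for ch in text)


def passphrase_to_password(sentence: str, subs=LEET_SUBS) -> str:
    """The post's recipe: initials of the sentence, then the swaps."""
    return apply_subs(first_letters(sentence), subs)


def unleet(password: str, subs=LEET_SUBS) -> str:
    """Undo the swaps (1->i, 0->o, $->s, 3->e). A genuine digit is ambiguous,
    which is why is_common() tests the password both as typed and reversed."""
    reverse = {v: k for k, v in subs.items()}
    return "".join(reverse.get(ch, ch) for ch in password.lower())


def is_common(password: str, common=COMMON_PASSWORDS, subs=LEET_SUBS) -> bool:
    """True if the password, as typed or with the swaps undone, is on the common list."""
    return password.lower() in common or unleet(password, subs) in common


def meets_policy(password: str, min_len: int = 8) -> bool:
    """The policy described in the thread: minimum length, alpha, numeric and
    special characters. Assumption: 'no repeating characters' means no two
    identical adjacent characters."""
    if len(password) < min_len:
        return False
    if not any(c.isalpha() for c in password):
        return False
    if not any(c.isdigit() for c in password):
        return False
    if not any(not c.isalnum() for c in password):
        return False
    return all(a != b for a, b in zip(password, password[1:]))


if __name__ == "__main__":
    sentence = ("I hate using computers when all I want to do with it "
                "is throw it out the window.")
    pw = passphrase_to_password(sentence)
    print(pw, "common:", is_common(pw), "meets policy:", meets_policy(pw))
    for candidate in ("passw0rd", "l3tm31n", "qw3rty", "trustno1"):
        print(candidate, "common:", is_common(candidate))
```

Running it shows the two things worth knowing before handing this recipe to users: the sentence in the post produces a password that contains no special character and has "11" in it, so it fails the very policy being complained about, and every leet-style variant of a common password is still a common password once the swaps are reversed.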
NQ6U
12-23-2010, 12:55 PM
I use 54321 as my Island password. No one will ever guess that.

KC2UGV
12-23-2010, 12:58 PM
I use 54321 as my Island password. No one will ever guess that.

I think you're good to go :)

W3WN
12-23-2010, 01:26 PM
I use 54321 as my Island password. No one will ever guess that.

Well, at least it's not the combination on your luggage. Is it?

kb2vxa
12-24-2010, 08:03 AM
"Now, all you have to do is remember the sentence, and the juxtaposing rules (letter for number). You now have a complex, unguessable, long password."

Wouldn't it be easier with finger to lips going beeble beeble beeble beeble? That'll remind you of your password, now who would ever guess zaphodbeeblebrox?

KC2UGV
12-24-2010, 09:22 AM
"Now, all you have to do is remember the sentence, and the juxtaposing rules (letter for number). You now have a complex, unguessable, long password."

Wouldn't it be easier with finger to lips going beeble beeble beeble beeble? That'll remind you of your password, now who would ever guess zaphodbeeblebrox?

You could do that. It's all a matter of mnemonics.

n2ize
12-25-2010, 12:53 PM
Nor did the hacker's posting of the entire set of user information out "in the clear."

Doesn't matter how secure your password is, if it's posted in the clear somewhere.

Maybe they were following the Wikileaks philosophy. No secrets... ALL information out in the open. Transparency and openness of all info is the basis for democracy !!

W3WN
12-25-2010, 01:48 PM
Maybe they were following the Wikileaks philosophy. No secrets... ALL information out in the open. Transparency and openness of all info is the basis for democracy !!

Yeah. Keep that in mind when some hacker exposes your user ID & password, and your personal bank account gets emptied.

KC2UGV
12-26-2010, 11:09 AM
Maybe they were following the Wikileaks philosophy. No secrets... ALL information out in the open. Transparency and openness of all info is the basis for democracy !!

Corporations are not democracies. They are sociopathic personalities.