
75% Use Same Password For Social Media & Email

Posted by CmdrTaco
from the my-password-is-trustno1 dept.
wiredmikey writes "Over 250,000 user names, email addresses, and passwords used for social networking sites can easily be found online. A study of the data collected showed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts. The password data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively...."

  • "Leaked"? (Score:5, Interesting)

    by Pojut (1027544) on Monday August 16, 2010 @01:21PM (#33265476) Homepage

    So wait...how exactly did they get hold of passwords?

  • Yup, Probably true (Score:4, Interesting)

    by IndustrialComplex (975015) on Monday August 16, 2010 @01:28PM (#33265568)

    I'll give a bit of a hint here, I do the same thing, just with a slight variation:

    Mostly-Trusted media sites get the same password (obviously vastly different user names)
    Slashdot, Fark, Broadband Reports, etc

    Then I have my pseudo-trusted sites with their own password group:
    Demonoid, imageshack, probably others.

    Non-trusted sites get a random junk password each access = reset password
    ie: low accountability not tied to a company name with 2-3 visits/year

    My email gets its own password of 10+ characters

    Work gets its own password of whatever the hell rules they implement this week. Tech support has to deal with LOTS of reset requests since I don't write it down, but they have a different password for every freaking service and every freaking service has a different password lifetime setting.

    So aside from work, I really only have 3 passwords or so, but it helps break up the damage should one be compromised. Compartmentalized is probably the best description.

  • Re:"Leaked"? (Score:5, Interesting)

    by KnightBlade (1074408) on Monday August 16, 2010 @01:30PM (#33265590)
    While I was studying Info. Sec. at my univ, my professor at the time told the class about this research they had about passwords. They were going around gathering statistics by asking random people questions about their passwords- length, number of special characters, if they used the same passwords, the number of times they changed them and so on. He said what amazed him was that one in every 5-6 people would just tell them their password and ask is that good enough?
  • by Captain Splendid (673276) * <{capsplendid} {at} {gmail.com}> on Monday August 16, 2010 @01:37PM (#33265696) Homepage Journal
    See, this is why math is your friend. All I have to remember is a formula. I apply that formula to whatever it is I'm signing into, which produces a different (and alphanumeric) password for every instance. Complex, unique passwords without having to write anything down anywhere.
  • by rsborg (111459) on Monday August 16, 2010 @01:42PM (#33265764) Homepage
    ... don't necessarily help.

    Facebook's founder knows the importance [businessinsider.com] of social media:

    Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. In the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them.

    So in this case, the victims didn't even have the same password, but accidentally used the email password for Facebook. Combined with a malicious site (which Facebook was for them) this can lead to leaked passwords.

    The best solution to this is to use a password manager like 1password, roboform or KeepassX. I find 1password useful because it matches my password with the domain, preventing inadvertent entries. It's also a boon if you are developing with dozens of test and staging sites which change passwords often.

  • by c-reus (852386) on Monday August 16, 2010 @01:50PM (#33265872) Homepage

    so if someone were to figure out that formula, he'd have access to every account you have created?
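
The trade-off raised in the two comments about a memorised formula, as an added illustration that is not part of the original thread: a memorised rule leaves a visible pattern across sites, while a keyed derivation depends on a master passphrase rather than on the rule staying secret. PBKDF2, the function names, the sample rule and the sample sites are all assumptions constructed for this example; the poster's actual formula is not given.

```python
import hashlib
import string
from difflib import SequenceMatcher

ALPHABET = string.ascii_letters + string.digits  # 62 alphanumeric symbols


def derive_site_password(master: str, site: str, counter: int = 1,
                         length: int = 16) -> str:
    """Keyed derivation: the algorithm can be public, the master secret cannot.

    The site name and a rotation counter form the PBKDF2 salt, so every site
    (and every rotation) gets an unrelated password from one passphrase.
    """
    salt = f"{site.lower()}:{counter}".encode()
    dk = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000, dklen=32)
    n = int.from_bytes(dk, "big")
    chars = []
    for _ in range(length):
        # 256 bits of output for ~95 bits of password: modulo bias is negligible.
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def naive_formula(site: str) -> str:
    """Constructed stand-in for a memorised rule: prefix + fixed word + length."""
    return site[:3].capitalize() + "Tr0ub4" + str(len(site))


def longest_shared_run(a: str, b: str) -> int:
    """Length of the longest substring two passwords have in common."""
    sm = SequenceMatcher(None, a, b, autojunk=False)
    return sm.find_longest_match(0, len(a), 0, len(b)).size


if __name__ == "__main__":
    sites = ["slashdot.org", "fark.com"]  # constructed sample input
    master = "correct horse battery staple"  # constructed sample passphrase
    naive = [naive_formula(s) for s in sites]
    keyed = [derive_site_password(master, s) for s in sites]
    print("memorised rule:", naive, "shared run =", longest_shared_run(*naive))
    print("keyed KDF     :", keyed, "shared run =", longest_shared_run(*keyed))
```

With the keyed version, the whole scheme still rests on the one master passphrase, which is the same single point of failure a password manager has.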

  • by BJ_Covert_Action (1499847) on Monday August 16, 2010 @01:51PM (#33265884) Homepage Journal
    So I guess Chrome, Opera, Iron, Seamonkey, and dozens of other web browsers are completely insecure?

    I know IE6 is a nightmare. I don't really pay attention to IE7 or IE8 because I don't use them. I know Chrome involves some privacy issues, and I suppose there is something that has to do with selective script management. From what I hear, however, Opera and Iron are supposed to be pretty damn secure. Also, SeaMonkey is supposed to be pretty decent. I can't talk about Safari because, like IE, I really don't care about it at all.

    Of course, you prefixed your post with "In Tinfoil Hat Land..." so I suppose you were being somewhat sarcastic. But I am curious, do you really think FF is the only secure browser out there?
  • Well lets just... (Score:3, Interesting)

    by Rivalz (1431453) on Monday August 16, 2010 @01:52PM (#33265912)

    Password protect our bios
    Then our Hard drive
    Then our Operating System
    Then our router
    Then our ISP
    Then our Email
    Then our website
    Then our credit / bank cards (pins and codes)

    I'm all for it, but the thing that bugs me is why can't we write a paragraph for our passwords, or at the very least a full sentence.
    Usually 8-64 characters is the min-max range for an acceptable password. But what if I want my password to be the Gettysburg Address? Or maybe just the lyrics to a song? Why can't we have insanely complex passwords if we want? So until my password can be pi to the 100th digit, don't come complaining to me when my passwords are the same for everything.

  • Re:"Leaked"? (Score:2, Interesting)

    by fishbowl (7759) on Monday August 16, 2010 @01:54PM (#33265928)

    >"Loose lips sink ships" was a common saying during World War II

    And today we know *way* too much, in way too much detail, about the location and movement of troops, their morale, reports of their actions, etc.

  • Re:Well lets just... (Score:3, Interesting)

    by Nadaka (224565) on Monday August 16, 2010 @02:17PM (#33266206)

    4#&7YagoR4fathers...

  • by Abstrackt (609015) on Monday August 16, 2010 @02:35PM (#33266434)
    I like Bruce Schneier's take on this problem:

    "Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet."

  • by John Hasler (414242) on Monday August 16, 2010 @03:52PM (#33267330) Homepage

    There is a danger in creating a password system with too many requirements, because I know very few people who used that system who didn't have their password on a sticky note on their monitor.

    Whereas they should have it in a little address book that they keep with their cash and credit cards. I mean that seriously. Use strong passwords, use a different password for every account, and write them down. Yes. I said that. Write them down. There is no other way to get ordinary people to use multiple strong passwords.
