75% Use Same Password For Social Media & Email 278
wiredmikey writes "Over 250,000 user names, email addresses, and passwords used for social networking sites can easily be found online. A study of the data collected showed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts. The password data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively...."
"Leaked"? (Score:5, Interesting)
So wait...how exactly did they get hold of passwords?
Yup, Probably true (Score:4, Interesting)
I'll give a bit of a hint here, I do the same thing, just with a slight variation:
Mostly-Trusted media sites get the same password (obviously vastly different user names)
Slashdot, Fark, Broadband Reports, etc
Then I have my pseudo-trusted sites with their own password group:
Demonoid, imageshack, probably others.
Non-trusted sites get a random junk password each access = reset password
ie: low accountability not tied to a company name with 2-3 visits/year
My email gets its own password of 10+ characters
Work gets its own password of whatever the hell rules they implement this week. Tech support has to deal with LOTS of reset requests since I don't write it down, but they have a different password for every freaking service and every freaking service has a different password lifetime setting.
So aside from work, I really only have 3 passwords or so, but it helps break up the damage should one be compromised. Compartmentalized is probably the best description.
Re:"Leaked"? (Score:5, Interesting)
Re:Yup, Probably true (Score:3, Interesting)
It gets even worse... even different passwords (Score:5, Interesting)
Facebook's founder knows the importance [businessinsider.com] of social media:
So in this case, the victims didn't even have the same password, but accidentally used the email password for Facebook. Combined with a malicious site (which Facebook was for them) this can lead to leaked passwords.
The best solution to this is to use a password manager like 1password, roboform or KeepassX. I find 1password useful because it matches my password with the domain, preventing inadvertent entries. It's also a boon if you are developing with dozens of test and staging sites which change passwords often.
Re:Yup, Probably true (Score:3, Interesting)
so if someone were to figure out that formula, he'd have access to every account you have created?
Re:Use Password Hasher (Score:4, Interesting)
I know IE6 is a nightmare. I don't really pay attention to IE7 or IE8 because I don't use them. I know Chrome involves some privacy issues, and I suppose there is something that has to do with selective script management. From what I hear, however, Opera and Iron are supposed to be pretty damn secure. Also, SeaMonkey is supposed to be pretty decent. I can't talk about Safari because, like IE, I really don't care about it at all.
Of course, you prefixed your post with "In Tinfoil Hat Land..." so I suppose you were being somewhat sarcastic. But I am curious, do you really think FF is the only secure browser out there?
Well lets just... (Score:3, Interesting)
Password protect our bios
Then our Hard drive
Then our Operating System
Then our router
Then our ISP
Then our Email
Then our website
Then our credit / bank cards (pins and codes)
I'm all for it but the thing that bugs me is why cant we write a paragraph for our passwords or at the very least a full sentence.
usually 8-64 characters is the min max range for a acceptable password. But what If I want my password to be the gettysburg address. Or maybe just the lyrics to a song. Why cant we have insanely complex passwords if we want? So until my password can be pi to the 100th digit dont come complaining to me when my passwords are the same for everything.
Re:"Leaked"? (Score:2, Interesting)
>"Loose lips sink ships" was a common saying during World War II
And today we know *way* too much, in way too much detail, about the location and movement of troops, their morale, reports of their actions, etc.
Re:Well lets just... (Score:3, Interesting)
4#&7YagoR4fathers...
Re:The danger of too many password requirements (Score:4, Interesting)
"Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet."
Re:The danger of too many password requirements (Score:3, Interesting)
Whereas they should have it in a little address book that they keep with their cash and credit cards. I mean that seriously. Use strong passwords, use a different password for every account, and write them down. Yes. I said that. Write them down. There is no other way to get ordinary people to use multiple strong passwords.