Alternative title: Good Grief. It's absolutely incredible how clueless people still are about password security. You would think that anyone using the Web today would be aware of the numerous compromises that involve weak passwords. Apparently not. Over at Naked Security, Graham Cluley has a truly depressing post, entitled The top 50 passwords you should never use, that looks at the passwords compromised as a result of the security breach at Gawker Media last year. The most popular?
123456? The next most popular is
Go take a look at the post and see all 50 of them. One could say, “Well, who cares about some throwaway password on Gizmodo or Gawker?” Probably no one except for the other depressing fact that Cluley reports: one third of Web users use the same password on every Website that requires one. You could take the position that this is Darwin in action but, unfortunately, when these people have their bank accounts hacked it raises the costs for all of us.
The foolish are always with us, of course, so maybe banks and other high-profile targets should reject any passwords on that list. Unfortunately, as I wrote on my old blog, banks and other companies don't appear to be much smarter about password security than those Gawker users.
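One way a site could reject passwords on such a list at registration time, shown as an added example that is not from the original post or from Cluley's article. The blocklist entries other than 123456 are constructed placeholders, and the function names and normalization rules are assumptions.

```python
import unicodedata

# Constructed sample blocklist. Only "123456" appears in the post above; a real
# deployment would load the full breach-derived list from a file.
SAMPLE_BLOCKLIST = frozenset({"123456", "password", "qwerty", "letmein", "monkey"})

# Common character substitutions undone before comparison (assumed mapping,
# illustrative rather than exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Characters users typically append to satisfy "must contain a digit/symbol".
TRAILING_PADDING = "0123456789!@#$%^&*._-"


def candidate_forms(password):
    """Return the normalized variants of a password to test against the list."""
    # NFKC folds look-alike code points (e.g. full-width digits) to ASCII;
    # casefold() makes the comparison case-insensitive.
    base = unicodedata.normalize("NFKC", password).casefold().strip()
    stripped = base.rstrip(TRAILING_PADDING)
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    forms.discard("")  # "123456" strips to nothing; never match the empty string
    return forms


def blocklist_match(password, blocklist=SAMPLE_BLOCKLIST):
    """Return the blocklisted entry the password reduces to, or None."""
    hits = sorted(candidate_forms(password) & blocklist)
    return hits[0] if hits else None


def is_acceptable(password, blocklist=SAMPLE_BLOCKLIST):
    """True when no variant of the password appears on the blocklist."""
    return blocklist_match(password, blocklist) is None


if __name__ == "__main__":
    for pw in ["123456", "P@ssw0rd1!", "Qwerty2010", "correct horse battery staple"]:
        match = blocklist_match(pw)
        print(f"{pw!r}: {'rejected, variant of ' + repr(match) if match else 'accepted'}")
```

Checking variants matters because an exact-match filter is satisfied by "Password1!", which is no harder to guess than the listed entry it is built from.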