OCS banner and logo
Keeping clients' computers safe and profitable for over 25 years




 

Gawker Security Breach

What it means for you

A company called Gawker lost all its clients' email addresses, usernames and passwords. The file containing all of this data was posted for anyone to download from the Internet. Since Gawker handled the passwords for many other sites such as Lifehacker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku, and Deadspin, this included about 1.3 million usernames, email addresses and passwords. Most of these people had never heard of the Gawker Media Network.

What lessons can we draw from this? First and foremost: NEVER USE THE SAME PASSWORD ON MULTIPLE SITES. Those email addresses, usernames and passwords will be used to break into Amazon, email, PayPal and other accounts. Crooks will wonder, "What if this person has an Amazon or PayPal account I could use?" They will test those usernames and passwords against any valuable account they can imagine. They will try them on bank accounts as well.

As most of you know, I am a big believer in using some sort of Password Safe or Password Vault. Have a very good master password for a file that holds all your passwords. The program should generate long random passwords to be used on all other sites and make it easy to enter the password from the program into whatever website you need it for. It should let you attach notes to any password and find passwords quickly.

I recommend 2 commercial programs; both have free and paid versions.

  • LastPass: This is the hot new program. It will fill in forms onsite, synchronize passwords between devices including phones, and safely save your passwords.
  • RoboForm: I use this one. It is a long-established and excellent program that will fill in forms and passwords online automatically, synchronize devices via their online service, and safely store your passwords. I use it multiple times every day.
  • KeePass: This is what I use. It has an Android app for your phone or tablet, will log in with a hotkey, is free, open source, has a huge list of awards, has plugins and is very secure and clean.

When I am required to sign in to a new site, I put everything into my own password program, not the website. Then I copy and paste it from there into the online form. That way, my record of the password must be correct. RoboForm picks it up automatically if I use it online, so it ends up with most of my passwords as well. RoboForm then allows me to sign in to a password-protected site by merely clicking on Log-in and the site. It automatically detects the site and fills in my username and password. RoboForm can also fill in most forms that request name, address, company phone number and other standard information.

For those of you who allow your browser to fill in passwords, make sure you create a good master passphrase for your browser's password safe. I do not recommend using the browser for this task; use one of the three programs above instead. All of them have free versions.

To test your passwords use this site: howsecureismypassword.net/ It is really pretty good and estimates how long it could take a cracker to break your password.

The twenty most common passwords found in one analysis of the Gawker data were:

123456, password, 12345678, qwerty, abc123, 12345, monkey, 111111, consumer, letmein, 1234, dragon, trustno1, baseball, gizmodo, whatever, superman, 1234567, sunshine, iloveyou
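The two lessons above (no password shared between sites, nothing from the top-twenty list) can be checked offline against an export from a password vault. This is an added example, not part of the original article; the CSV column names `site,username,password` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# The twenty most common passwords listed in the article.
COMMON = frozenset("""123456 password 12345678 qwerty abc123 12345 monkey 111111
consumer letmein 1234 dragon trustno1 baseball gizmodo whatever superman
1234567 sunshine iloveyou""".split())

# Constructed sample export; column names are an assumption, not a real vault format.
SAMPLE_EXPORT = """site,username,password
gizmodo.com,pat,monkey
paypal.com,pat@example.com,monkey
amazon.com,pat@example.com,T7#qLz9!vR2pXw4m
bank.example,pat,Sunshine
forum.example,pat,k3Yh8$Bn1&dQs6Zu
"""

def audit(export_text):
    """Return (reused, common): groups of sites sharing one password,
    and sites whose password is on the top-twenty list."""
    sites_by_password = defaultdict(list)
    common = []
    for row in csv.DictReader(io.StringIO(export_text)):
        pw = row["password"]
        sites_by_password[pw].append(row["site"])
        # Compare case-insensitively: "Sunshine" is no safer than "sunshine".
        if pw.lower() in COMMON:
            common.append(row["site"])
    reused = sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)
    return reused, sorted(common)

def report(export_text):
    """Build report lines that name sites only, never the passwords themselves."""
    reused, common = audit(export_text)
    lines = ["same password on: " + ", ".join(sites) for sites in reused]
    lines += ["top-20 password on: " + site for site in common]
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EXPORT)))
```

Run it only on a machine you trust and delete the plaintext export afterwards, since the export file holds every password unencrypted.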



Date: February 2011


This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 