I was one of the million or so people affected by the recent Gawker compromise. At the same time, I’m moving to a new laptop. I decided to take this as a wake-up call to get my password house in order, and to change some of the things about my working environment.
I had originally thought that I was unaffected, but I had created a throwaway Gawker account over a year ago so I could comment on a Jalopnik post. Throwaway email address at a domain that I no longer use, and a password that I shared with all throwaway web accounts. So far, so good.
While I was looking into the stories about the Gawker incident, I found this article at Lifehacker about how to be smarter about online passwords. I’ve always kept “important” passwords (banks, credit cards, etc.) completely separate from email accounts, web site accounts, etc. I use the built-in password manager in Firefox for most accounts, but with a master password.
But, when I tried the “LastPass security test”, I discovered that I had entirely too many web accounts (361!), and entirely too much password reuse. So, time to get serious about web passwords.
Since installing LastPass, I’ve started culling through all that old password cruft, and resetting my most important passwords with generated passwords. Since I have several completely separate online identities, this may take some time. I figure I’ll have to take a fair amount of time over the holiday break.
We have to realize that very few, if any, of the web sites we use on a daily basis were actually designed with security in mind. Any security they have in place is to protect themselves, not their visitors. Gawker has admitted this, and seems to be changing course. I wonder if any other sites will take this as a wake-up call?
- How to Audit and Update Your Passwords [Passwords] (lifehacker.com)
- Personal Password Security and the Gawker Hack (prweb.com)