“Password” as a Password

December 14th, 2010

Gawker media (which includes Gizmodo, Lifehacker, Consumerist, and others) got hacked. Hackers obtained source code for the site and—the part that really grabs media attention—the usernames, e‑mail addresses, and passwords of about a million users. The three most popular passwords? 123456, password, and 12345678 (kudos to those who picked 12345678, no doubt security-savvy users heeding warnings that six-character passwords weren’t long enough). The media reaction, in a nutshell: “OMG! Pick better passwords! And use different passwords for every single account!”

Well, yes. If you’re using “12345678” as the password for your online banking account, perhaps you should reconsider that choice. And if your online banking account has the same password as your account for a message board, we should have a serious chat. But not all accounts are created equal, and no human can remember separate passwords for every single site that demands account registration—nor should they have to. Password vaults and Bruce Schneier’s idea of writing down important passwords and putting them in your wallet, while useful, have practical limits. Does anyone really want to look up every single password? And I can’t fit a phone book in my wallet.

The answer, in my opinion, is to know which passwords are important and which are not. Here’s my own personal hierarchy of password importance:

1. Passwords for sites that want you to create an account for their convenience, not yours.
For example, if a news site wants readers to create accounts solely to track what they’re doing, and that account does not carry any special privileges (commenting on posts under a name, or being able to buy things), the account is for the site’s convenience, not the user’s, and there’s no reason a user should choose a particularly secure password. E-commerce sites that require people to create accounts before they can buy anything fall into this category if the customer can either be sure that the site won’t store payment information (good luck with that) or the customer has a “disposable” payment mechanism available.

When I’m shopping online and run into a store that won’t let me buy something from them without creating an account, I generate a unique e-mail address, generate a unique credit card number that can only be used by that merchant, buy whatever I need, then forget that the account ever existed. If the account is hacked, the hacker gets an e-mail address I never use (and can easily turn off) and a credit card number that’s no good to anyone but the merchant who first placed a charge on it. I can even set the charge limit on that temporary credit card number near the amount of what I’m buying. For that sort of account, I could easily use the password “Password” and lose nothing.

2. Passwords for message boards.
These passwords prevent anyone else from impersonating me on the message board. I generally use the same password on all these sites. If someone pretends to be me on GeekyLawChat.com (name available for registration!), well, that’s annoying, and the fact that I use the same password on NerdsOfTheLaw.net (also available!) means they could pretend to be me there, too. The worst-case scenario is that I might have an interesting time defending a defamation charge. When the alternative is to remember umpteen relatively unimportant passwords (or spend less time on Internet message boards—some of which require registration just to search the message boards), I’ll take the risk.

3. Accounts where money is at stake.
Bank accounts. Amazon (and the like), where you use the account regularly. To some extent, iTunes. If someone guessing your password means they can spend your money (or make it hard for you to get at your money), use a good password. Use a really good password. But where you want to use an even better password is for…

4. E-mail.
Wait—an e-mail password is more important than the password for your online banking account? Maybe so. Think about how many web sites think that control of your e-mail account means you are who you say you are. Think of the number of sites with “e-mail me my password” links. Think of the number of passwords you probably have sitting in your e-mail right now. Having hackers drain your bank account would be very, very bad, but there’s a chance you could get that money back. Try proving you’re who you are on the Internet when someone else has control of your e-mail. And that’s not even getting to the content of the e-mails in your account. Ask Sarah Palin how annoying that can be.

In the case of Gawker, I might rather have had a “password” password than something real. A real password might have been used on an account I care about. “Password” is the next best thing to no password at all, and sometimes that’s just about the right level of security. “Password” is a perfectly fine password for an account you don’t care about.

You are currently viewing the archives for December, 2010 at Graves Concerns.
