I could write about security with today’s news of 2 million passwords hacked and exposed on various social media sites. But that’s too easy so I won’t.
All the follow-up advice to users, which I read on several news websites this afternoon, was cliché advice that’s already common knowledge and obviously common sense. They repeat the same thing that we’ve all heard a thousand times before, including those people who used those simple passwords. I think I’ll scream if I see this advice again: “We recommend a mix of upper and lower case, numbers, and special characters.” Shut up already!
The top-10 hacked passwords today included mind-boggling flights of fancy such as “password” and “admin” and numerical brain-teasers such as 123, 1234, 12345, and 123456, … . It is goofy to follow this up with better security advice. These people already know they are using insecure passwords. Leave them alone.
So in that case (I see you thinking), why did I just write two whole paragraphs about security? Actually, if you look again, you’ll see that it’s not about security. It’s about people not caring if somebody, or some-bot, guesses their password. If you don’t care about your Facebook password getting hacked, then use 1234. No biggy.
So who cares about 2 million passwords hacked? Nobody should care, because it’s a nonissue. If 2 million accounts in eBay and Amazon with credit card info get hacked, that’s a big deal. But today’s news is just media hype, a mole hill that’s easy to spin into a mountain. Here’s the real story: the news websites get more page views (I helped them out myself—I checked five or six different sites with basically the same story. It was a waste of time, except that I got this blog entry out of it).
My Facebook password was “pretty strong” and it was hacked a couple of years ago. My “friends” got ads from me (I don’t remember what product). I’ve gotten similar ads from other friends who were hacked. It happens all the time, you yawn, change your password, and get on with your life.
Sidenote: I recommend this site for easy passwords to use on your Facebook and MySpace accounts: http://makeagoodpassword.com/ — use the “Make a Simple password” button.
So today, millions of people heard about a massive hack of passwords, got all excited, searched Google for “2 million passwords hacked” and read some of the articles on it. Soon you and I realized it’s not so sensational after all. But by then we’ve given the news sites, and Google, their spike in page-views/ad-revenue, and some percentage of us easily-manipulated users even clicked the ads on the news websites. That’s what makes it interesting as an event.
Today’s real headline: “Millions of people’s behavior was hacked today by Media sites hyping harmless password pilfering into a so-called security disaster and massively boosting their ad revenues.” Now that’s news I can use.