Better Living Through Technology: a blog dedicated to emerging
technology trends in hardware, software, webware, marketing and beyond
 

August 23rd, 2007
Ed Kohler

This annoys me: I found a site with my favorite password on it.

This is a problem since the combination of letters and numbers is absolutely unique. The only way it would show up on the web is if I put it there or a site’s security was breached.

In this case, it looks like the latter since the Chinese site displaying it has a long list of terms that are clearly passwords ranging from things that are extremely obvious to rather complex terms.

One thing I noticed was that many passwords seem to be simple variations on what’s presumably the username. For example, a password like johndoe1 could probably be tied to a username “johndoe.” That’s still pretty vague, but it’s not nearly so vague when the password + 1 is a much less common name.

To me, this marks a good time to switch up passwords. Nothing that I’m aware of has been compromised, but why wait for that, eh?

In case you’re wondering, my new password will not be edkohler1.

7 Responses to “My Password Has Been Compromised”

Posted by: Tara (PassPack) on August 23rd, 2007 3:44 pm

Unfortunately, making “strong” passwords is becoming more and more complex of an operation - especially since you need a completely unique password for every site or service that you use.

I wrote a quick post on it over at my company blog. I run an online password manager, so there’s clearly a product plug in there, but the information should be useful regardless.

Choosing Passwords, Long is Strong

Cheers,
Tara Kelly
PassPack Founding Partner




Posted by: May C on August 23rd, 2007 4:00 pm

This is getting me very worried. I’m curious where you found this information? I need to check out whether my password is in there so I should change it and spend the rest of my life doing so too. Argh.




Posted by: Josh on August 23rd, 2007 5:40 pm

That’s interesting. I think wise site administrators should create some “ringer” username and password pairs, and occasionally search for them - on the web, but also on the disk. They should not exist anywhere in plain-text form.
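The on-disk half of the check described in the comment above can be scripted. This is an added example, not code from the post or its commenters: it walks a directory tree and reports any file holding a ringer password in plain text, in UTF-8 or UTF-16LE, including matches split across read boundaries. The ringer names and passwords, the file names and the function names are all constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed ringer accounts (username -> password), used by no real person.
RINGERS = {"ringer-01": "q7Vd-canary-Lm29xT", "ringer-02": "Zp4h-canary-Wc81rK"}

def scan_file(path, pats, chunk=1 << 20):
    """Return sorted (ringer, encoding, offset) hits, including matches that straddle reads."""
    keep = max(len(p) for _, _, p in pats) - 1  # bytes carried over between reads
    hits, tail, base = set(), b"", 0            # base = file offset of tail[0]
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            buf = tail + block
            for name, enc, pat in pats:
                pos = buf.find(pat)
                while pos != -1:
                    hits.add((name, enc, base + pos))  # set drops overlap duplicates
                    pos = buf.find(pat, pos + 1)
            cut = max(len(buf) - keep, 0)
            tail, base = buf[cut:], base + cut
    return sorted(hits)

def scan_tree(root, ringers=RINGERS, chunk=1 << 20):
    """Map each file under root that holds a ringer password in plain text to its hits."""
    pats = [(n, e, s.encode(e)) for n, s in ringers.items() for e in ("utf-8", "utf-16-le")]
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                found = scan_file(path, pats, chunk)
            except OSError:
                continue  # unreadable file: skip it
            if found:
                report[os.path.relpath(path, root)] = found
    return report

def demo():
    """Constructed tree: a debug log that leaked a ringer, and a store holding only a salted hash."""
    with tempfile.TemporaryDirectory() as root:
        secret = RINGERS["ringer-01"]
        with open(os.path.join(root, "debug.log"), "wb") as fh:
            fh.write(b"x" * 100 + b"login user=ringer-01 pass=" + secret.encode() + b"\n")
        with open(os.path.join(root, "users.db"), "wb") as fh:
            fh.write(hashlib.pbkdf2_hmac("sha256", secret.encode(), b"constructed-salt", 100_000).hex().encode())
        return scan_tree(root, chunk=64)  # tiny reads so the match spans two of them

if __name__ == "__main__":
    print(demo())
```

A hit in a log, backup or database dump means some code path is writing passwords in the clear. The ringer list itself has to live somewhere the scan does not cover, or it will report itself.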




Posted by: Ed Kohler on August 23rd, 2007 8:30 pm

May, I Googled my pass and found one result. The resulting page was in Chinese but clearly has a table of passwords on it. I’m not going to link to it, but now you know how I found it.




Posted by: Bill McGuire on August 24th, 2007 12:32 am

Luckily my password does not show up. I used to google my SSN and credit card numbers and they would show up in huge lists of other numbers. They no longer show up. I guess I should be comforted in this.




Posted by: Galen on August 24th, 2007 11:54 am

Good thing you didn’t “AOL” your password back in the day before they released millions of search queries.

So will it be K0hler3d?




Posted by: Ed Kohler on August 24th, 2007 2:21 pm

Thanks for nothing, Galen. Back to the password creation drawing board. :-)



