By now you have probably read that Gawker Media’s password database was hacked and over 1 million usernames and passwords spilled out onto the web. It’s a serious problem because most people don’t have unique passwords for websites they register for, which not only exposes the futility of passwords but also makes a serious case for an identity and authentication system like Facebook Connect.
However, did you ever wonder why media sites force you to register in order to comment? They want your email address and identity information for driving marketing and promotions as well as enabling data services businesses. They provide no real utility in exchange for getting you to hand over a piece of personal information… unless you consider their email products useful.
So how about this for a solution to the problem of media sites and data security… instead of requiring me to register in order to post a comment, how about just letting me post a comment? When you consider the damage to Gawker’s brand and the fact that they have just deep-sixed their entire user information database, one has to wonder if they really believe that all those usernames and passwords they accumulated were worth the trouble.
I am one of the ones whose entire online history was compromised because of this.
I joined one of their affiliate sites for some reason or other and my email was on that list unfortunately. I don’t even remember signing up, let alone commenting. I downloaded the entire database to see what my pw even was and it looks like the decryption worked.
Luckily, I never considered sites like Gawker important, so I had a ‘lame’ password for it and so it doesn’t affect me as much as some people who used the same password across the board. It’s still pretty sucky though, and I can’t really imagine the millions of people this seriously affects. Personally, I found the response by Gawker kind of inadequate. Even on their main page it’s already not news anymore; if it wasn’t for Amazon’s alert, I might not have even realized this had happened to me. Certainly if I ever considered using the site in the past, I definitely will not now.
People are saying that the ‘thing to take away from this,’ is the fact you shouldn’t use a ‘bad’ password, like say— password. But really, the real moral is not to use the same password everywhere; and definitely not use your more important, harder-to-guess passwords on sites like Gawker. After all, my ‘lame’ password wasn’t guessed in the end, so that point is moot in my opinion.
The only safety you have in your password is the safety of the site itself; and I agree with you when you say that if the point is only to comment, then signing up for a thousand sites becomes redundant and invasive.