As long as the password is unique, it doesn't even matter. Sure, it should be unique yet not revealimg a pattern ("goofy" is ok, "gawker" is not) but there is no need for the user to pass crypto 101.
This for those 1.5m that were just A target; Nick Denton, OTH, was THE target and it was just matter of time for him to get pwned.
>BTW Do you use the same password on your Gawker account elsewhere?
I had to check the other day. I opened that account to leave one comment on lifehacker (that was never approved, actually) and then forgot about it. Turns out the password was safe enough but my mistake there was to use an email address I cared about.
Now I have a less important email address and a supergenpass for everything, except gmail/facebook/dropbox and the other things I care about, for which I have better passwords.
This for those 1.5m that were just A target; Nick Denton, OTH, was THE target and it was just matter of time for him to get pwned.
>BTW Do you use the same password on your Gawker account elsewhere?
I had to check the other day. I opened that account to leave one comment on lifehacker (that was never approved, actually) and then forgot about it. Turns out the password was safe enough but my mistake there was to use an email address I cared about.
Now I have a less important email address and a supergenpass for everything, except gmail/facebook/dropbox and the other things I care about, for which I have better passwords.