Seriously, do you ever have those moments where you’re just out and out ashamed of who you are, because of the actions of an unrelated third party? Like when you see some Neo-Nazi douchebag, and for just a moment you’re ashamed to be white?
I’m like that with the web hosting industry right now. For those who aren’t caught up in this mess, WebHostingTalk, a rather large webmaster/host community, got hacked – their tables dumped then dropped. Now there’s quite a few people out there with a good head on their shoulders, but there’s some people who probably shouldn’t even be qualified to operate a Windows computer.
It’s a recurring theme, people whining about their “passwords being out there on someone’s desktop”. If it’s just Mr Tom who wanted to make an informed decision about which $10/year hosting package, okay it makes you face-palm but maybe he hasn’t taken the time to educate himself on security.
But when you see people who seem to be web hosts making these kinds of whines, it’s time for a super-mega-face-palm, the kind where you actually hang your head and weep for the fate of humanity for a few moments before composing yourself.
So, Internet, it’s time for Password Security 101. Your password is not important. Your password is not a tiny broken fragment of you. Your password is not an insight into your very soul.
Your password is a small string of characters to provide a basic authentication that you are who you say you are – it should be throwaway. You shouldn’t be using the same password for years (though I admit to having done this cardinal sin with things that aren’t important), and you fucking well shouldn’t have the same root password on your web host machine as you do on some forum you just go on to be a pretentious asshole at times.
If you enter your password into a phishing site by accident, oh well – change your password (after authenticating it’s the correct site of course). No big deal. A site you have an account on gets hacked? No problem, change your password. You should be able to take your password and post it to Usenet without blinking, only to go change all your passwords in the next 5 minutes.
In fact you know what? e9a834c6c657. That was my Gmail password up until a couple minutes ago. See how easy that was? Passwords are disposable. I did it without blinking. I’m a stone-cold password killer.
The fact these morons think their password ending up on some dox dump somewhere is a big deal is, frankly, scary.
I know we’re not all perfect – for being an arrogant asshole I damn sure commit a lot of password no-nos that I probably shouldn’t. A vast number of the websites and goofy little forums I sign up to have the same stupid password I used on WHT, and I changed the ones I could be bothered changing – if any others get owned well then it’s not a huge deal. The effort:risk ratio of changing all of them was just too high, and it’s not like it’s for anything important anyway.
So do me a favour, if you’re in the web hosting industry, the computer security industry, or the systems administration field in any sense, and your password to some forum getting exposed causes you any distress at all – start practicing the line “would you like fries with that?” because you’re unfit for your current job.
I wholeheartedly believe that people who reuse passwords deserve to get hacked. Gmail has extremely high limits for password length and special characters. This was mine until a few seconds ago:
w@s##8ew@uwagawev2$puBrudraStageprajuyap3hub2utecr-vus$utr9v_sec