75% Use Same Password For Social Media & Email

wiredmikey writes "Over 250,000 user names, email addresses, and passwords used for social networking sites can easily be found online. A study of the data collected showed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts. The password data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively...."

Re:"Leaked"?

[KnightBlade]

While I was studying Info. Sec. at my univ, my professor at the time told the class about this research they had about passwords. They were going around gathering statistics by asking random people questions about their passwords- length, number of special characters, if they used the same passwords, the number of times they changed them and so on. He said what amazed him was that one in every 5-6 people would just tell them their password and ask is that good enough?

It gets even worse... even different passwords

[rsborg]

... don't necessarily help.

Facebook's founder knows the importance of social media:

Mark used his site, TheFacebook.com, to look up members of the site who identified themselves as members of the Crimson. Then he examined a log of failed logins to see if any of the Crimson members had ever entered an incorrect password into TheFacebook.com. If the cases in which they had entered failed logins, Mark tried to use them to access the Crimson members' Harvard email accounts. He successfully accessed two of them.

So in this case, the victims didn't even have the same password, but accidentally used the email password for Facebook. Combined with a malicious site (which Facebook was for them) this can lead to leaked passwords.

The best solution to this is to use a password manager like 1password, roboform or KeepassX. I find 1password useful because it matches my password with the domain, preventing inadvertent entries. It's also a boon if you are developing with dozens of test and staging sites which change passwords often.