Mark Zuckerberg's Twitter and Pinterest Accounts Hacked from Linkedin Breach (twitter.com/ben_hall)
63 points by petulla on June 5, 2016 | 45 comments


FWIW, his password was apparently "dadada". But he basically never used Twitter (didn't follow him on Pinterest), so he probably did what a lot of people do for services they don't really intend on seriously using (except most people seriously use those social media services), which is to just make up a silly password for all of them. Even so, probably should've picked something a little stronger than that...


But he must have used "dadada" for LinkedIn, Twitter and Pinterest?

That might imply that "dadada" is either:

1. A password he actually uses on real accounts

2. It's his 'default' throwaway password on places he doesn't really care about.

Either way - people (hackers) will try and use "dadada" on any/all of Mark's other possible sign-ins on any/all other websites - who knows how many times he repeated this.


I bet it is his HN password as well! I would go ahead and try but nah, not gonna do it. :)


Has it been confirmed that Zuck even browses HN, never mind has an account? I mean, he's important...but lots of important people have created accounts and posted on HN at some point...Brian Chesky, Drew Houston, Peter Norvig...though the revelation that Alan Kay posts on HN takes the cake http://www.themacro.com/articles/2016/06/hn-highlights-june-...


He's on HN (pg confirmed this a few years back) but most people don't know his handle. Incidentally, I'm 99% sure I do, but I guess I won't out him.


Without naming the account, what led you to believe that you found it?


About three or four years ago he tried to do an AMA but it didn't really take off. Aside from the obvious outing himself, there were plenty of other clues confirming him. Also, I'm pretty sure he has more than one handle.

By the way, I think most of us realize pg and Mark are on very good terms. Way back, I'm thinking 6-ish years back, Facebook and YC had official connections (YC startups would get access to some of Facebook's tools or some such thing, I don't fully remember). But I think YC reduced the profile of this connection because HN went all up in arms over this back then.


Is he in this thread?


but nahnahnah


Optics are really bad here. This is from LinkedIn, so he used a terrible password on at least 3+ large social media websites (and what else?).


It is a wonder how no one was worrying about this...


If I was the underwriter for FB's D&O / Cyber policy about now I'd be making some very uncomfortable phone calls to important people.


I have crappy passwords on old accounts that I created before I started using LastPass... but I'm also an irrelevant normal person, not a billionaire CEO at an extremely powerful company. Very silly of Zuck (and really, I should go change my old passwords too).


> at least 3+ large social media websites

Three "large" sites that he didn't use or care about. I have a Twitter account that I posted one tweet on in 2013. The password is "mystupidpassword" -- have at it, hackers.


You're not Mark Zuckerberg.


Zuckerberg clearly doesn't give a shit about his Pinterest, either.


What worries me most about this LinkedIn breach is that somehow, some way, they showed my email address.

Not once in my life do I recall ever setting up a LinkedIn account. Ever. But somehow, I have one. :/


I think I remember a time where LinkedIn was getting a bit of flak for their practice of "encouraging" new users to share their address books with them, which would mean that, at best, LinkedIn could create "ghost" accounts seeded with relationships and waiting to be claimed, and at worst, sending not-entirely-wanted emails pimping their service to one's entire address book.


What kind of password did it have for you?


I have no idea. I had to go through their password reset hoops to even get in and figure out what was going on and to make sure that it was actually my account. It was, fortunately... or at least one that I had control over. My worry was that someone had made a fake LinkedIn account.


I wonder if this implies a possible insight into password thefts, and why some of the "leaks" take years to actually be distributed/published by the original hacker.

If you stole a database of hashed passwords, you could focus on 2-3 "VIP" clients/celebrities of that database, and despite the computational cost, try and crack that hash.

Knowing that if/when you crack the hash, you could potentially use that password on other logins that VIP might use, prior to anyone knowing.


Is there somewhere to check if one's account / pass was in the database?


https://haveibeenpwned.com/

edit: not sure why I was downvoted - this answers the question.



Does this reflect more poorly on Twitter & Pinterest or Mark Zuckerberg in the public eye?


Wholly on Zuck for using the same weak password. Password managers are easy, there is no excuse for a tech savvy person to use a bad password (and even worse, re-use the same bad password).


I'm a tech savvy person and still don't use a pwd manager. I have a base password with extra stuff added at the end that I can figure out from the domain name. I want to use a password manager but it seems to me to not be easy as you claim.

It's nowhere near as easy as you hand-wavingly claim it is. Last time I tried the one everyone said to use had been bought and everyone was saying don't use it, but the other alternative didn't work on mobiles (or something, I forget) properly. I even had one installed for a bit but it never seemed to work so I gave up.

It's still a broken ux with a non-trivial cost of using it.

I know I should use it, I know when I get hacked I will regret it. I do use 2 factor for the important stuff, because it works and is actually easy, unlike the bolted on clunkiness of password managers.


Yeah, well it is that hand-wavingly easy. Mobile has gotten a lot better over the years as well, especially on iOS because you can use TouchID to unlock the password manager.

On desktop it could not be easier, I hit command-\ and it autofills the username and password for the current site I am using and if I have more than one login for that site there's a list of logins to use. You can activate it the other way around too by choosing a site from the password manager and it will open the site in your browser, auto-fill the login and then submit it so that you're ready to go.

I would still use this setup even if my passwords were all simple to remember like yours are.


But his Twitter account was set up in 2009. In 2009 password vaults were poor and definitely weren't easy. That's what I was talking about.

We're talking about accounts that are years old, not something he set up last week.


You said you "still don't use a pwd manager". Learn from Zuck's error and start using one today!


Which one did you try? I've been using 1Password for years and it works great across all of my devices (automatically synced via Dropbox). No affiliation besides being a customer.


You're correct regarding the sentiment on HN but I don't think the general public sees it that way.


I can't imagine the general public caring about Zuckerberg's passwords in any capacity at all.


For stupid sites who cares? If someone wants my Hacker News or Reddit passwords, cool. I am not going to go copy paste passwords so my Hacker News password is safe.


To each their own, but in this case if Zuck had used a password manager he wouldn't come out looking like a chump. And honestly it's easier to use one than type even a simple password--one keyboard shortcut and you're automatically logged in.


Assuming you are on the correct device with the correct manager installed.


There's no need for copy and paste. Quite a few password managers have browser plugins that will autofill or auto login. If you have multiple accounts, it's as simple as selecting the desired username from a dropdown list.


Except they miss:

1) Weird browsers like adblock for android

2) Coffee shop browsers

3) Borrowing someone's laptop browser

Why would I do all of that to make my Pinterest password more secure? I think I have logged in twice.


You're really not familiar with a password manager either built in to the browser, or with an extension/plugin?

What's life like in 1998 btw?


Ya? How well do password managers work in the adblock browser on Chrome? Or at a coffee shop? Or on my Mom's laptop?

Huge PITA for little to no gain. If people want my Pinterest password, have at it.


> the adblock browser on Chrome?

I don't even know what that means.

> Or at a Coffee shop?

What kind of coffee shop are you going to that you aren't using your own device?

> Or on my Mom's laptop?

Why does she need your password? Regardless, if she syncs with your account it will work fine.

> Huge PITA

It really isn't if you use the right tools.

> little to no gain

Secure, easy management of passwords is little to no gain?


"the entire database proved crackable in a mere three days."

Is the article claiming that ALL passwords are known now?


Every time this sort of thing comes up, people piss and moan that password managers are too hard to use/etc.

I've never used a password manager besides keychain+safari (across several devices), and I just don't get the issues people claim to have.

If third party password managers are so terrible why hasn't chrome/ff/etc got a better built in password manager? Or if they do, why don't people use them?


Mark Zuckerberg's Twitter and Pinterest Accounts Hacked. Twitter and Pinterest Accounts Hacked. Twitter and Pinterest. Not Facebook. If I was MZ I would use "password" as a password on Twitter and Pinterest...


Zuck's new password: dadada1



