Hacker News

Yeah, but only as “safe” as a 4-letter password. Assuming full alphanumerics, that’s only 14 million possible 12-character passwords to try. Given a 1GHz processor, well, you see where I’m going with this.

This is why I freaked out when bluehost.com (AVOID!) required the last four characters of my password to accompany support requests(!).



Yeah, I was just using the 12 as an example, but someone with, say, 36 chars past the 8 recovered from Gawker should be a little more at ease.

I don't think I've logged into any of their sites. I use different passwords at different sites and they are generally > 20 chars, so I'm not worried. Yet, at the same time, even knowing all of that, I did a bit of a double take and had a brief "Oh shi-" moment of paranoia when I read the headline.

In fact, if I were, say, a young starlet who used a similar password for my private email or something as my Gawker account, I'd be really freaked!


Realistically, this isn't likely to compromise a strong 12-character password without a second breach at a different site. (In order for your 1GHz processor to have any bearing on the discussion, they need not only Gawker's password hashes, but another site you coincidentally have an account at that uses the same password.)



