passwords shared between rootkit.com and gawker

The Register posted a story comparing passwords disclosed from rootkit.com and Gawker, which suggests a problem with password reuse.

This is a classic journo case of an editor-sensationalized title for an article that doesn’t really get reasonable until the last two paragraphs where it kinda puts the brakes on calling password reuse “endemic.”

Gawker is a celebrity gossip site. Rootkit.com had a forum. As a security conscious person, would even *I* use the same password for both sites? Actually, I likely would. Gawker would be exceedingly low value to me, if I had an account there, and a php-based forum would be exceedingly risky to me. I *might* actually use a crap password for a forum like that, but I’d call that a flip of the coin depending on my mood the day I make those accounts.

Does this mean we should start running around screaming about endemic reuse of passwords? No, though we should encourage people to not reuse them anyway, but this research really doesn’t say all that much.