SEA RANCH, Calif. — A recent study confirmed that every single password created with online music company Bandcamp is comprised of just the name of that band “and maybe a number, sometimes,” unsurprised sources report.
“Our exhaustive search proved that literally every one of [the passwords] was just the name of the band or DJ or whatever,” read the report, published by security firm Vanderson Cyber. “A small group of outliers added a number to the end of the password — typically 420, 69, or 666 — but none deviated further. While our methodology only samples a population of 100,000 accounts, we believe that any passwords that do not fit this wildly insecure and highly predictable pattern are in the margin of error.”
Bandcamp executives, who have maintained lax password requirements from users for years, were disappointed yet “not surprised” by the results of the audit.
“We were worried our users might do something like this,” said Bandcamp spokesperson Mark Bello. “We tried enforcing password limits, but found requiring a numeric character or even a minimum length was enough to force most users to just give up and go to PureVolume. Our hands were really sort of tied.”
Related:
- Blink-182 Inducted Into Password Hall Of Fame
- Man Doesn’t Want Stolen Identity Back
- First Date Questions Strategically Formatted to Crack HBO GO Password
While the report did not speculate as to why bands overwhelmingly choose their own name to lock up their media and payment details, some musicians did offer insight.
“I have the password I use for everything, and the password they keep making me change at work — there’s no way in hell I was gonna add a third. I’m not some robot with a superhuman memory or something,” said drummer Artie Mangrove. “I mean, I play in a band called Good Monday, so I made the password ‘GoodMonday69’ because that’s easy for everyone to remember. I thought maybe I’d make it, like, ‘guitar,’ but not all of us play guitar. This was just the most fair.”
At press time, an anonymous source within the internet’s “black hat” criminal hacking community claimed the insecure accounts are still at minimal risk of exploits. “These bandcamp bands are easy pickings, yeah,” the source said, “but how much money would we be able to make doing that, really?”