Most popular passwords

The best passwords are passphrazes, something like "I like mybroadband" is a much stronger password than B@$#ie for example, simply because of the mathematical permutation required to brute force 18 characters is tougher than the one to brute force 6 characters. It's that simple really.

Well said. And passphrases are easy for human brains to store.
 
Heh, I remember "god" from Hackers. Man, that movie was bad.

+1 for you sir, you at least got the hackers reference.

+0 for everyone else thinking that I was serious about those passwords coming from a badly researched, amusing and entertaining movie. :D


+1, I canned myself when I read that the first time!
 
This is all useless.

A password is a hindrance to prevent access, it is not the be-all security measure that they're trying to make it into.
The 3-5 tries rule then you're locked out must be implemented for passwords to be successful.

A far greater risk is DNS spoofing, where an email saying: "Your password is peanutbuttersammich" is sent to an email address created instantly by changing an entry on the nameserver so that the fake recipient gets the email instead of the real one.

Once again, management is driving this issue in the wrong direction. It's a science, not a tool.
 
Why bother with a password, just don't use any :D, if they insist then you f... with making one up, nevermind trying to remember it. Or you can follow this logic, ask yourself; "what would [your favorite person's name here] do" and you wait for it... wait... poef... and you will have your password :cool: :D
 
Some people, and restaurants use the same word for their wireless network name and password...

I have also managed to login to one of the display computers at hificorp, becasue their password was the name of the area they were in. Needless to say the sales appie wasn't too charmed.
 
Safest to just use your girlfriend's name as your password. I reckon if your wife can't figure it out, nobody can!!
 
Meh. This inspired me to quickly write a console application that takes the URL of a site, runs a SHA-256 hash on it, does some swapping of characters and nonstandard symbols and other stuff, and generates a password unique for that site's URL so that I don't need to remember all these passwords I have.
 
Everyday people's information often get intercepted, not because hackers brute force their accounts, their computers just got infected with spyware/trojans.. so then all their logins (rs, steam etc) will be recorded.

I even bought a couple of these accounts. I hate it when you try to join a websites and it asks you to enter a 20 digit(number, symbol, upper/lower case) string as password and they don't warn you to install anti spy/mal/virus on your pc as well..

Especially on our slow as hell INTERNET connections. It takes a lot of patience to suffer through all the website's hang ups
 
Last edited:
I finished the app while having some tea and it generates passwords along the lines of this:
±××…¬'W3LùÈ

I reckon that's fairly secure :D
 
They should see the password that my bb email you when you forgot your current one. And its also case sensitive.
 
Companies are much to blame and basically force employees to use weak passwords by forcing them to change passwords every month. Some companies won't allow you to use the same password for x-amount of changes. So people then use easy to remember passwords like "joebloggs1" then joebloggs2, etc. I believe let people use a strong password and let them change it as they feel is necessary.
 
Meh. This inspired me to quickly write a console application that takes the URL of a site, runs a SHA-256 hash on it, does some swapping of characters and nonstandard symbols and other stuff, and generates a password unique for that site's URL so that I don't need to remember all these passwords I have.
I hope you adding some salt before you hash.... otherwise its pretty pointless :D Everyone on a particular site will have the same password and it will be easy to figure out. :rolleyes:
 
According to another article I read on the topic, it seems that a Latino group was the target of the phishing attack, and that the passwords published were all from the beginning of the alphabet - which would explain why "alejandra' and 'alberto' were in that list.
 
First of all, people who develop systems that store passwords in the clear into their DBMS really need to go back to Grade 1. It worries me that passwords of Hotmail users were analyzed which means that MS was storing the passwords in the clear.

Websites that have the stratigy of sending you your password via e-mail when clicking on "Forgot Password" also need to learn a thing or two about security. The system should reset the user's password, generate a random password and send it to the user's e-mail address. Once the user has clicked on the link and logged on with the correct credentails, be forced to change the password before continuing. There are so many sites that don't do this.

On top of that, not allow the user to choose the same password as before, but store up to 3 or more previous passwords.

That is PCI-DSS for you, which we are implementing in our system :)
 
Safest to just use your girlfriend's name as your password. I reckon if your wife can't figure it out, nobody can!!

Don't bank on that... You wife worked it out minutes after the affair started, and is just biding her time to empty all the online accounts and post 'those pictures' on your Facebook page.;)
 
Top
Sign up to the MyBroadband newsletter
X