The worst online passwords you can use

[jes]

The worst online passwords you can use

If your password is in the list of worst passwords to use, it is time to change it now

 

[Mike Hoxbig]

A site called LeakedIn.org was set up where users can check whether their LinkedIn passwords are part of the list of compromised passwords. The service creates a SHA-1 hash of an entered password, and then checks it against the hashed password list to see if your password was leaked (or even cracked).

Lol nice try, but I don't need to 'verify' my password.

 

[Pooky]

Erm my password is the same for lots of sites... maybe a bad move...

 

[beans100]

Erm my password is the same for lots of sites... maybe a bad move...

Me too, but don't tell anybody....urm!?!?!

 

[Mr.CookieMonster]

I dont use any of those

 

[elriconess]

my passwords always change, never duplicate passwords.

 

[ClintX]

No way! I honestly thought I was the only one that used "password". Damn it.

I too have the same password for most sites and forums. And I don't really care. If someone wants to post as me on a forum then good luck to them.

 

[gregmcc]

If your not using lastpass then you need to - I have different random passwords for every single site. Try and crack my 20 char password!

 

[borga]

No way! I honestly thought I was the only one that used "password". Damn it.

I too have the same password for most sites and forums. And I don't really care. If someone wants to post as me on a forum then good luck to them.

Agree, about half my password are 12345678 (along with a separate e-mail account for registration on those sites), often at sites where I log in only once and then never go back to the site, so who cares if someone logs into my account on such site, for all the important stuff each have a unique password for each site.

 

[Lycanthrope]

Online banking, e-mail, Paypal and other financial services I use all have different passwords.

Then I have a couple of other passwords that I use at random depending on the sites.

I like to think they're fairly secure

 

[Speedster]

Never looked back since I discovered 1password.

 

[siraman]

13.iloveyou

For being so stupid.

 

[ToxicBunny]

Where is p@ssw0rd?

Or is that too complex for ppls heads.

 

[Diplos]

 

[sydCPT]

For being so stupid.

1. password
18. passw0rd

All the guys that replaced 'o' with '0' must have thought they were brilliant

 

[yeti]

How to easily use a unique password for every website

Security sources often site using different passwords for different websites as a best practise when it comes to security. However, this is often not plausible as it can get difficult to remember a single long password, yet alone many.

A close friend of mine once shared his wisdom with respect to using a unique password per site to avoid reusing a single password, which I will now share with you.

The idea is simple and two fold -

1. generate a long (8 digits+) sequence of random digits - and LEARN IT OFF BY HEART!
   E.g. kjHh_36Ia)
2. devise a simple algorithm you can derive from the website (normally its name) and append/prepend/augment small changes to the static password learnt in (1).

Now lets devise a working example to elaborate the idea:
Working Example
Algorithm: Take the number of characters in the name of the website and prepend it to the random sequence. Take the first letter of the website and append it to the random sequence. This is your unique password for the website.
Website: www.mybroadband.co.za
Sequence: kjHh_36Ia)
Unique password: 11kjHh_36Ia)m

And there you have it - unique passwords for every website - simple to remember (you still only have one password) and easy to derive at login time.

 

[ghoti]

We are learning passwords wrong.

Everyone is being taught to make passwords that look like this:

A) #b0b8y86! -Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 6.00 minutes

When a better and easier password to remember would be something like this:

B) bobbywentforawalk - Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 3.75 centuries

(I used this site to work out entropy: https://www.grc.com/haystack.htm )

Password A is complicated, hard to remember and difficult to type on some devices and easy to be cracked. Password B is not complicated, easy to remember, easy to type and difficult to be cracked.

This is how I now teach people when creating passwords. Think of an easy to remember sentence.

 

[yeti]

We are learning passwords wrong.

Everyone is being taught to make passwords that look like this:

A) #b0b8y86! -Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 6.00 minutes

When a better and easier password to remember would be something like this:

B) bobbywentforawalk - Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 3.75 centuries

(I used this site to work out entropy: https://www.grc.com/haystack.htm )

Password A is complicated, hard to remember and difficult to type on some devices and easy to be cracked. Password B is not complicated, easy to remember, easy to type and difficult to be cracked.

This is how I now teach people when creating passwords. Think of an easy to remember sentence.

Valid point.

Should be used in conjunction with some variance (i.e. my suggestion above) to ensure that there isn't a crack-one-solve-all scenario.

 

[TimTDP]

Try using a password manager application that organizes and protects passwords and can automatically log you into websites.

Any suggestions of a good application?

 

[zamicro]

Security sources often site using different passwords for different websites as a best practise when it comes to security. However, this is often not plausible as it can get difficult to remember a single long password, yet alone many.

A close friend of mine once shared his wisdom with respect to using a unique password per site to avoid reusing a single password, which I will now share with you.

The idea is simple and two fold -

1. generate a long (8 digits+) sequence of random digits - and LEARN IT OFF BY HEART!
   E.g. kjHh_36Ia)
2. devise a simple algorithm you can derive from the website (normally its name) and append/prepend/augment small changes to the static password learnt in (1).

Now lets devise a working example to elaborate the idea:
Working Example
Algorithm: Take the number of characters in the name of the website and prepend it to the random sequence. Take the first letter of the website and append it to the random sequence. This is your unique password for the website.
Website: www.mybroadband.co.za
Sequence: kjHh_36Ia)
Unique password: 11kjHh_36Ia)m

And there you have it - unique passwords for every website - simple to remember (you still only have one password) and easy to derive at login time.

I use a similar approach and it works well for me.

Anyway, I earlier changed my LinkedIn password, as it might be compromised and the I can also ignore all future phishing emails to change my password.