The worst online passwords you can use

jes · Jun 8, 2012

The worst online passwords you can use

If your password is in the list of worst passwords to use, it is time to change it now

Mike Hoxbig · Jun 8, 2012

A site called LeakedIn.org was set up where users can check whether their LinkedIn passwords are part of the list of compromised passwords. The service creates a SHA-1 hash of an entered password, and then checks it against the hashed password list to see if your password was leaked (or even cracked).

Lol nice try, but I don't need to 'verify' my password.

Pooky · Jun 8, 2012

Erm my password is the same for lots of sites... maybe a bad move...

BraBean · Jun 8, 2012

Pooky said:
Erm my password is the same for lots of sites... maybe a bad move...

Me too, but don't tell anybody....urm!?!?!

Mr.CookieMonster · Jun 8, 2012

I dont use any of those

elriconess · Jun 8, 2012

my passwords always change, never duplicate passwords.

ClintX · Jun 8, 2012

No way! I honestly thought I was the only one that used "password". Damn it.

I too have the same password for most sites and forums. And I don't really care. If someone wants to post as me on a forum then good luck to them.

gregmcc · Jun 8, 2012

If your not using lastpass then you need to - I have different random passwords for every single site. Try and crack my 20 char password!

borga · Jun 8, 2012

ClintX said:
No way! I honestly thought I was the only one that used "password". Damn it.

I too have the same password for most sites and forums. And I don't really care. If someone wants to post as me on a forum then good luck to them.

Agree, about half my password are 12345678 (along with a separate e-mail account for registration on those sites), often at sites where I log in only once and then never go back to the site, so who cares if someone logs into my account on such site, for all the important stuff each have a unique password for each site.

Lycanthrope · Jun 8, 2012

Online banking, e-mail, Paypal and other financial services I use all have different passwords.

Then I have a couple of other passwords that I use at random depending on the sites.

I like to think they're fairly secure

Speedster · Jun 8, 2012

Never looked back since I discovered 1password.

siraman · Jun 8, 2012

13.iloveyou

For being so stupid.

ToxicBunny · Jun 8, 2012

Where is p@ssw0rd?

Or is that too complex for ppls heads.

Diplos · Jun 8, 2012

sydCPT · Jun 8, 2012

siraman said:
For being so stupid.

1. password
18. passw0rd

All the guys that replaced 'o' with '0' must have thought they were brilliant

yeti · Jun 8, 2012

How to easily use a unique password for every website

Security sources often site using different passwords for different websites as a best practise when it comes to security. However, this is often not plausible as it can get difficult to remember a single long password, yet alone many.

A close friend of mine once shared his wisdom with respect to using a unique password per site to avoid reusing a single password, which I will now share with you.

The idea is simple and two fold -

generate a long (8 digits+) sequence of random digits - and LEARN IT OFF BY HEART!
E.g. kjHh_36Ia)
devise a simple algorithm you can derive from the website (normally its name) and append/prepend/augment small changes to the static password learnt in (1).

Now lets devise a working example to elaborate the idea:
Working Example
Algorithm: Take the number of characters in the name of the website and prepend it to the random sequence. Take the first letter of the website and append it to the random sequence. This is your unique password for the website.
Website: www.mybroadband.co.za
Sequence: kjHh_36Ia)
Unique password: 11kjHh_36Ia)m

And there you have it - unique passwords for every website - simple to remember (you still only have one password) and easy to derive at login time.

w1z4rd · Jun 8, 2012

We are learning passwords wrong.

Everyone is being taught to make passwords that look like this:

A) #b0b8y86! -Massive Cracking Array Scenario

Assuming one hundred trillion guesses per second) 6.00 minutes

When a better and easier password to remember would be something like this:

B) bobbywentforawalk - Massive Cracking Array Scenario

Assuming one hundred trillion guesses per second) 3.75 centuries

(I used this site to work out entropy: https://www.grc.com/haystack.htm )

Password A is complicated, hard to remember and difficult to type on some devices and easy to be cracked. Password B is not complicated, easy to remember, easy to type and difficult to be cracked.

This is how I now teach people when creating passwords. Think of an easy to remember sentence.

yeti · Jun 8, 2012

ghoti said:
We are learning passwords wrong.

Everyone is being taught to make passwords that look like this:

A) #b0b8y86! -Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 6.00 minutes

When a better and easier password to remember would be something like this:

B) bobbywentforawalk - Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 3.75 centuries

(I used this site to work out entropy: https://www.grc.com/haystack.htm )

Password A is complicated, hard to remember and difficult to type on some devices and easy to be cracked. Password B is not complicated, easy to remember, easy to type and difficult to be cracked.

This is how I now teach people when creating passwords. Think of an easy to remember sentence.

Valid point.

Should be used in conjunction with some variance (i.e. my suggestion above) to ensure that there isn't a crack-one-solve-all scenario.

TimTDP · Jun 8, 2012

Try using a password manager application that organizes and protects passwords and can automatically log you into websites.

Any suggestions of a good application?

zamicro · Jun 8, 2012

yeti said:
Security sources often site using different passwords for different websites as a best practise when it comes to security. However, this is often not plausible as it can get difficult to remember a single long password, yet alone many.

A close friend of mine once shared his wisdom with respect to using a unique password per site to avoid reusing a single password, which I will now share with you.

The idea is simple and two fold -

generate a long (8 digits+) sequence of random digits - and LEARN IT OFF BY HEART!
E.g. kjHh_36Ia)

devise a simple algorithm you can derive from the website (normally its name) and append/prepend/augment small changes to the static password learnt in (1).

Now lets devise a working example to elaborate the idea:
Working Example
Algorithm: Take the number of characters in the name of the website and prepend it to the random sequence. Take the first letter of the website and append it to the random sequence. This is your unique password for the website.
Website: www.mybroadband.co.za
Sequence: kjHh_36Ia)
Unique password: 11kjHh_36Ia)m

And there you have it - unique passwords for every website - simple to remember (you still only have one password) and easy to derive at login time.

I use a similar approach and it works well for me.

Anyway, I earlier changed my LinkedIn password, as it might be compromised and the I can also ignore all future phishing emails to change my password.

The worst online passwords you can use

MyBroadband Alumnus

Honorary Master

Garfield's Teddy

Honorary Master

Expert Member

Senior Member

Banned

Honorary Master

Well-Known Member

Honorary Master

Honorary Master

Expert Member

Oi! Leave me out of this...

Senior Member

Well-Known Member

Well-Known Member

Karmic Sangoma

Well-Known Member

Expert Member

Expert Member