The worst online passwords you can use

Mike Hoxbig

Honorary Master
Joined
Apr 25, 2010
Messages
35,627
A site called LeakedIn.org was set up where users can check whether their LinkedIn passwords are part of the list of compromised passwords. The service creates a SHA-1 hash of an entered password, and then checks it against the hashed password list to see if your password was leaked (or even cracked).
Lol nice try, but I don't need to 'verify' my password.
 

Pooky

Garfield's Teddy
Joined
Dec 16, 2007
Messages
24,506
Erm my password is the same for lots of sites... maybe a bad move...
 

ClintX

Banned
Joined
May 4, 2012
Messages
496
No way! I honestly thought I was the only one that used "password". Damn it.

I too have the same password for most sites and forums. And I don't really care. If someone wants to post as me on a forum then good luck to them.
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
22,095
If you're not using LastPass then you need to - I have different random passwords for every single site. Try and crack my 20 char password! :)
 

borga

Well-Known Member
Joined
Nov 13, 2009
Messages
210
No way! I honestly thought I was the only one that used "password". Damn it.

I too have the same password for most sites and forums. And I don't really care. If someone wants to post as me on a forum then good luck to them.
Agree, about half my passwords are 12345678 (along with a separate e-mail account for registration on those sites), often at sites where I log in only once and then never go back to the site, so who cares if someone logs into my account on such a site. For all the important stuff I have a unique password for each site.
 

Lycanthrope

Honorary Master
Joined
Oct 26, 2006
Messages
13,279
Online banking, e-mail, Paypal and other financial services I use all have different passwords.

Then I have a couple of other passwords that I use at random depending on the sites.

I like to think they're fairly secure :p
 

yeti

Well-Known Member
Joined
Oct 13, 2009
Messages
435
How to easily use a unique password for every website

Security sources often cite using different passwords for different websites as a best practice when it comes to security. However, this is often not plausible as it can get difficult to remember a single long password, let alone many.

A close friend of mine once shared his wisdom with respect to using a unique password per site to avoid reusing a single password, which I will now share with you.

The idea is simple and twofold -
  1. generate a long (8 digits+) sequence of random digits - and LEARN IT OFF BY HEART!
    E.g. kjHh_36Ia)
  2. devise a simple algorithm you can derive from the website (normally its name) and append/prepend/augment small changes to the static password learnt in (1).

Now let's devise a working example to elaborate the idea:
Working Example
Algorithm: Take the number of characters in the name of the website and prepend it to the random sequence. Take the first letter of the website and append it to the random sequence. This is your unique password for the website.
Website: www.mybroadband.co.za
Sequence: kjHh_36Ia)
Unique password: 11kjHh_36Ia)m

And there you have it - unique passwords for every website - simple to remember (you still only have one password) and easy to derive at login time.
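The derivation rule from the post above, written out as an added example (not the poster's code). It also reports how much of each derived password actually depends on the site and which sites end up with the same password; the reading of "name of the website" as the first label after an optional `www.`, the helper names and the `.example` hosts are assumptions made for illustration.

```python
from collections import defaultdict

CORE = "kjHh_36Ia)"   # the sample memorised sequence from the post

def site_name(host):
    """Assumed reading of "name of the website": first label after an optional 'www.'."""
    labels = host.lower().split(".")
    if labels[0] == "www" and len(labels) > 1:
        labels = labels[1:]
    return labels[0]

def derive(host, core=CORE):
    """Prepend the name length and append the name's first letter to the core."""
    name = site_name(host)
    return f"{len(name)}{core}{name[0]}"

def site_specific_fraction(host, core=CORE):
    """Share of the derived password's characters that depend on the site."""
    pw = derive(host, core)
    return (len(pw) - len(core)) / len(pw)

def collisions(hosts, core=CORE):
    """Group hosts whose derived passwords come out identical."""
    groups = defaultdict(list)
    for h in hosts:
        groups[derive(h, core)].append(h)
    return {pw: hs for pw, hs in groups.items() if len(hs) > 1}

# Constructed host list: the post's site plus made-up .example names.
HOSTS = ["www.mybroadband.co.za", "mathematics.example",
         "forum.example", "films.example", "bank.example"]

if __name__ == "__main__":
    for h in HOSTS:
        print(f"{h:24} {derive(h)}  site-specific: {site_specific_fraction(h):.0%}")
    print("same password:", collisions(HOSTS))
```

With this rule any two sites whose names share a length and a first letter get the same password, and the memorised core appears unchanged in every one of them.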
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
46,151
We are learning passwords wrong.

Everyone is being taught to make passwords that look like this:

A) #b0b8y86! - Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 6.00 minutes

When a better and easier password to remember would be something like this:

B) bobbywentforawalk - Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 3.75 centuries

(I used this site to work out entropy: https://www.grc.com/haystack.htm )

Password A is complicated, hard to remember and difficult to type on some devices and easy to be cracked. Password B is not complicated, easy to remember, easy to type and difficult to be cracked.

This is how I now teach people when creating passwords. Think of an easy to remember sentence.
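The arithmetic behind the two figures quoted in the post above, as an added example (not code from the poster or from grc.com). It models exhaustive search only: every string up to the password's length over the character classes it uses, tried at the quoted rate, with no allowance for word-based guessing. The 365-day year and the function names are assumptions.

```python
import string

GUESSES_PER_SECOND = 10**14          # "one hundred trillion guesses per second"
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumption: 365-day year

# Character classes and their sizes: 26 lower, 26 upper, 10 digits, 33 symbols.
# Characters outside these classes (e.g. non-ASCII) are not counted.
CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
)

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    size = 0
    for chars, n in CLASSES:
        if any(c in chars for c in password):
            size += n
    return size

def search_space(password):
    """Count all strings over that alphabet of length 1..len(password)."""
    a = alphabet_size(password)
    return sum(a**k for k in range(1, len(password) + 1))

def exhaustive_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try the whole search space at the given guess rate."""
    return search_space(password) / rate

if __name__ == "__main__":
    for pw in ("#b0b8y86!", "bobbywentforawalk"):
        s = exhaustive_seconds(pw)
        print(f"{pw!r}: alphabet={alphabet_size(pw)} length={len(pw)} "
              f"-> {s / 60:.2f} minutes = {s / SECONDS_PER_YEAR / 100:.2f} centuries")
```

The nine-character password draws on a 69-character alphabet and the seventeen-character one on only 26, so the difference between minutes and centuries comes from length alone.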
 

yeti

Well-Known Member
Joined
Oct 13, 2009
Messages
435
We are learning passwords wrong.

Everyone is being taught to make passwords that look like this:

A) #b0b8y86! - Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 6.00 minutes

When a better and easier password to remember would be something like this:

B) bobbywentforawalk - Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 3.75 centuries

(I used this site to work out entropy: https://www.grc.com/haystack.htm )

Password A is complicated, hard to remember and difficult to type on some devices and easy to be cracked. Password B is not complicated, easy to remember, easy to type and difficult to be cracked.

This is how I now teach people when creating passwords. Think of an easy to remember sentence.
Valid point.

Should be used in conjunction with some variance (i.e. my suggestion above) to ensure that there isn't a crack-one-solve-all scenario.
 

TimTDP

Expert Member
Joined
Feb 23, 2007
Messages
1,057
Try using a password manager application that organizes and protects passwords and can automatically log you into websites.
Any suggestions of a good application?
 

zamicro

Expert Member
Joined
Oct 22, 2007
Messages
3,823
Security sources often cite using different passwords for different websites as a best practice when it comes to security. However, this is often not plausible as it can get difficult to remember a single long password, let alone many.

A close friend of mine once shared his wisdom with respect to using a unique password per site to avoid reusing a single password, which I will now share with you.

The idea is simple and twofold -
  1. generate a long (8 digits+) sequence of random digits - and LEARN IT OFF BY HEART!
    E.g. kjHh_36Ia)
  2. devise a simple algorithm you can derive from the website (normally its name) and append/prepend/augment small changes to the static password learnt in (1).

Now let's devise a working example to elaborate the idea:
Working Example
Algorithm: Take the number of characters in the name of the website and prepend it to the random sequence. Take the first letter of the website and append it to the random sequence. This is your unique password for the website.
Website: www.mybroadband.co.za
Sequence: kjHh_36Ia)
Unique password: 11kjHh_36Ia)m

And there you have it - unique passwords for every website - simple to remember (you still only have one password) and easy to derive at login time.
I use a similar approach and it works well for me.

Anyway, I earlier changed my LinkedIn password, as it might be compromised and then I can also ignore all future phishing emails to change my password.
 