Worst passwords in the world

Xzib1t

Expert Member
Joined
Jan 26, 2010
Messages
3,469
Personally, my favorite password is qwerty.


(this is not my MyBroadband password obviously)
 

Arthur

Honorary Master
Joined
Aug 7, 2003
Messages
25,705
I mostly use pdarsosw quite often. Easy to remember because it's "password" written 1st-letter, last letter, 2nd letter, 2nd-last letter, etc.
 

Jabberwocky

Expert Member
Joined
Aug 8, 2008
Messages
3,615
Making complex passwords is really, really easy.....

Take all the initials of all the members of your family.....

George
Trudy
Jake
Sally
Fred

Then add your pets

Spot
Bobbin

So now you have...

gtjsfsb

Capitalise the parents and the animals...

GTjsfSB

Add the number of people and pets staying at your location (number of your house)....

GTjsfSB(7@34)

Then add the name of your street.... (e.g. LaCoste Road - LR)

GTjsfSB(7@34)LR

Then add the year that you moved into that house....

GTjsfSB(7@34)LR-1995

Then add the postal code for your area....

GTjsfSB(7@34)LR-1995/2043

Voila, you have a password that is easy to remember but will take ages to crack....

"It would take a desktop PC about 285 nonillion years to crack your password"
https://howsecureismypassword.net/

hell no!

I'm having trouble remembering on which sites I capitalised the first letter, and put a 1 afterwards.
 

Freaksta

Expert Member
Joined
Sep 4, 2005
Messages
3,736
I still rate the best suggestion is that you have a password that is common but add something based on the website as a prefix or suffix or both.
 

Necuno

Court Jester
Joined
Sep 27, 2005
Messages
58,567
Worst passwords in the world

New research from Trustwave’s SpiderLabs using around 2 million passwords reveals the most common passwords globally

How secure are all your passwords?

Perhaps one or more of them is <word><number> / <number><word>, e.g. 2dunhill, incrementing each month?

How about unique password per login?
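
Added example, not part of any post in the thread: a signup-time password screen that undoes the habits described in the posts above (the "pdarsosw" interleave, a capitalised first letter with a 1 afterwards, a site name as prefix or suffix, `<word><number>`) and compares the result with a denylist. The denylist, function names and sample inputs are constructed for illustration.

```python
import re

# Constructed sample denylist; a real deployment would load a large
# breached-password list instead of these few entries.
DENYLIST = {"password", "qwerty", "123456", "dunhill", "harry"}


def deinterleave(s):
    """Undo the 'first, last, second, second-last, ...' letter ordering."""
    front = s[0::2]   # characters that came from the start of the word
    back = s[1::2]    # characters that came from the end, in reverse order
    return front + back[::-1]


def candidates(password, site_name=""):
    """Return the normalised forms to compare against the denylist."""
    forms = {password.casefold()}          # capitalisation adds nothing
    site = site_name.casefold()
    if site:                               # site name as prefix or suffix
        for f in list(forms):
            if f.startswith(site):
                forms.add(f[len(site):])
            if f.endswith(site):
                forms.add(f[:-len(site)])
    for f in list(forms):                  # <word><number> / <number><word>
        forms.add(re.sub(r"^\d+|\d+$", "", f))
    for f in list(forms):                  # reversed and interleaved words
        forms.add(f[::-1])
        forms.add(deinterleave(f))
    forms.discard("")
    return forms


def screen(password, site_name=""):
    """Return the denylisted words this password reduces to (empty = pass)."""
    return sorted(candidates(password, site_name) & DENYLIST)


if __name__ == "__main__":
    for pw in ["pdarsosw", "Qwerty1", "2dunhill", "harry8"]:
        print(pw, "->", screen(pw))
    print(screen("passwordmybroadband", site_name="MyBroadband"))
```

An empty result only means the password is not a simple variant of a denylisted word; it says nothing about passwords built from personal details.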
 

chrisc

Executive Member
Joined
Aug 14, 2008
Messages
9,558
It might take a desktop PC years to crack the code, but an NVIDIA GPU with the right software can do it in hours, even the more complicated ones.
 

noxibox

Honorary Master
Joined
Apr 6, 2005
Messages
20,862
It is stupid to encourage people to change their password regularly. That just promotes using bad passwords. People are also simply not going to use strong passwords for every login they have unless they have a password manager, because it is impossible to remember them all.

There is also actually nothing wrong with writing down passwords as long as they're kept in a safe place.
 

Azimuth

Expert Member
Joined
Sep 25, 2013
Messages
2,298
Making complex passwords is really, really easy.....

Take all the initials of all the members of your family.....

George
Trudy
Jake
Sally
Fred

Then add your pets

Spot
Bobbin

So now you have...

gtjsfsb

Capitalise the parents and the animals...

GTjsfSB

Add the number of people and pets staying at your location (number of your house)....

GTjsfSB(7@34)

Then add the name of your street.... (e.g. LaCoste Road - LR)

GTjsfSB(7@34)LR

Then add the year that you moved into that house....

GTjsfSB(7@34)LR-1995

Then add the postal code for your area....

GTjsfSB(7@34)LR-1995/2043

Voila, you have a password that is easy to remember but will take ages to crack....

"It would take a desktop PC about 285 nonillion years to crack your password"
https://howsecureismypassword.net/

Ouch. Or you can just use iCloud Keychain should you have an Apple device. One of the best enhancements to come with iOS 7 and OS X Mavericks.
 

redarrow

Expert Member
Joined
Dec 30, 2005
Messages
2,371
How often do people's bank accounts/other online accounts get hacked by crackers using brute force techniques compared to say phishing or virus/keylogging attacks?

I think the whole password complexity argument is overrated. I get irritated with websites that force things like "must have numbers and capital letters and some special characters". It doesn't matter if your password is a billion characters long if you fall for some stupid phishing attack or install random crap/open spam attachments and so on.

Of course using 'password' or '123456' is obviously a stupid idea.
 

grim

Expert Member
Joined
Jan 6, 2006
Messages
3,733
Ouch. Or you can just use iCloud Keychain should you have an Apple device. One of the best enhancements to come with iOS 7 and OS X Mavericks.

Or the built in Windows credential manager that has been around since XP :whistling:
 

Azimuth

Expert Member
Joined
Sep 25, 2013
Messages
2,298
If you can vouch for it then by all means. :D Another popular service is 1Password. Thank f**k I've moved away from my same "complex" password across a zillion sites, which I am aware is a big no-no.
 

Nephew_

Senior Member
Joined
Sep 2, 2009
Messages
669
In reality, how many failed attempts do reputable sites allow? Let's say you want to hack into my Gmail. I have an easy password like harry8. https://howsecureismypassword.net/ says it can be cracked in 0.5 s.
And it probably guessed names and numbers, but got there after about 5000 attempts. How does it know it is correct?
If you have a bot or something that tries to log in to Gmail with every guess, how long will it take Google to ban your IP?
I am quite sure it will not allow more than 20, 50 or even 100 failed attempts.

So how much does complexity really mean here?
 

The Trutherizer

Expert Member
Joined
May 20, 2010
Messages
4,881
It's a little scary that the report deals with a substantial number of medium to excellent passwords and they were still all compromised.
 

Hamish McPanji

Honorary Master
Joined
Oct 29, 2009
Messages
41,372
In reality, how many failed attempts do reputable sites allow? Let's say you want to hack into my Gmail. I have an easy password like harry8. https://howsecureismypassword.net/ says it can be cracked in 0.5 s.
And it probably guessed names and numbers, but got there after about 5000 attempts. How does it know it is correct?
If you have a bot or something that tries to log in to Gmail with every guess, how long will it take Google to ban your IP?
I am quite sure it will not allow more than 20, 50 or even 100 failed attempts.

So how much does complexity really mean here?

The key is to gain access to the files/database that stores the passwords rather than the website. All the genuine hacking occurs in that way. That way you have ample time to crack online or directly on the db or admin script. Brute forcing a website maybe worked in the early 90's and will never work now (except COJ maybe)

A lot of websites will automatically block after 3-5 attempts, or at least start using captcha or similar security schemes to prevent a password
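
Added example, not part of any post in the thread: a minimal per-account lockout of the kind described in the post above, with a helper that counts how many guesses the site actually checks when wrong passwords arrive at a fixed rate. The class, the threshold of 5 failures and the 15-minute lockout are assumptions chosen for illustration.

```python
class LoginThrottle:
    """Per-account failure counter with a temporary lockout."""

    def __init__(self, max_failures=5, lockout_seconds=900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = {}       # account -> consecutive failed attempts
        self._locked_until = {}   # account -> time at which the lockout ends

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at `now`."""
        if now < self._locked_until.get(account, 0):
            return "locked"       # the password is not even checked
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            # Threshold reached: start the lockout and reset the counter.
            self._locked_until[account] = now + self.lockout_seconds
            count = 0
        self._failures[account] = count
        return "failed"


def guesses_checked(throttle, account, attempts, interval):
    """Count how many wrong guesses, one every `interval` seconds, get checked."""
    checked = 0
    for i in range(attempts):
        if throttle.attempt(account, False, now=i * interval) == "failed":
            checked += 1
    return checked


if __name__ == "__main__":
    # 5000 wrong guesses at one per second against one account.
    print(guesses_checked(LoginThrottle(), "nephew", 5000, 1))
```

The same lockout also rejects the account owner's correct password while it is active, which is why the post's alternative of a CAPTCHA or similar scheme is often used instead of a hard block.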
 

NeonNinja

Neon Resident
Joined
Nov 22, 2009
Messages
22,820
Easier solution, make up a sentence that's easy to remember

ie: SpotWasFredsDogBobbinWasSallysDog

3 duodecillion years to crack that

BTW thanks for your password and address.

But most places require 8 character passwords.
 