Worst passwords in the world

Making complex passwords is really, really easy.....

Take all the initials of all the members of your family.....

George
Trudy
Jake
Sally
Fred

Then add your pets

Spot
Bobbin

So now you have...

gtjsfsb

Capitalise the parents and the animals...

GTjsfSB

Add the number of people and pets staying at your location (number of your house)....

GTjsfSB(7@34)

Then add the name of your street.... (e.g. LaCoste Road - LR)

GTjsfSB(7@34)LR

Then add the year that you moved into that house....

GTjsfSB(7@34)LR-1995

Then add the postal code for your area....

GTjsfSB(7@34)LR-1995/2043

Voila, you have a password that is easy to remember but will take ages to crack....

"It would take a desktop PC about 285 nonillion years to crack your password"
https://howsecureismypassword.net/
 
Liar, I tried to log in using the password above, it failed ;)
 
Better still, make up a formula and use said formula on each website or location that you need a password.

This will ensure that the password is unique in its application as well.
 
Something that I've never understood is why passwords require numbers.

That is to say, a password cracker will be unaware that my password includes numbers. So, it cannot assume that my password contains letters only, and must also check possibilities that include numbers, even if my password contains no numbers. The only way to be sure that my password includes no numbers is to crack it!

Yes, if you are doing a brute force attack, then it matters, but then it only does because the password is shorter without a number (in most cases). If you simply substitute a letter for a number, then it makes no difference to a brute force password cracker.

If the password cracker is using a dictionary attack (i.e. a pre-generated list of common passwords), then that dictionary attack will usually include common variants of your password. So, it will have password1 as well as password, etc. So your password gets cracked anyway.

I think the two best guides for password security are 1) using longer passwords, 2) avoiding common dictionary words or phrases.
 
You just made it longer... not more complex.

A password doesn't have to be complex to be secure; a long passphrase is easier to remember than a shorter complex password and is probably more secure than a complex password, as the chances of the user writing it down are decreased as it's easy to remember, for one.
 
Facebook, Google, Yahoo, Twitter and LinkedIn... mostly throwaway sites and I don't use strong passwords as I save those for the places that matter. Otherwise it will promote a weakness if those sites (Fb,Y!,#) get compromised.
 
Awesome! My Qwerty123456 is rated as very strong! 96% nogal - never scored as high in any test ever before!

And it is easy to remember!
 
The alphabet has 26 characters
Add 10 numbers to that (0 to 9)
Add special characters, and you have a password with enough length that is essentially unbreakable by brute force (takes too long)

By adding the 10 numbers you are adding 10 new characters that need to be tested for, keeping in mind that each single character added increases the time taken to crack exponentially and not linearly.
 
You're not getting me though. How does the password cracking algorithm KNOW that I am NOT using numbers? It must assume that I am, in order to crack my passwords.

Yes I know about the exponential increase in password cracking times.

Let's look at the following two passwords: passwordI and password1
Both contain letters, while only the second also contains numbers. My point is, if I am writing a password cracking algorithm, my algorithm must also try numbers, since it does not yet know if the password includes letters only or letters and numbers.
 
It would take a desktop PC about 141 quadrillion nonagintillion years to crack your password crew checking in.

Come at me brohackers.
 
Typically, especially when cracking (assume offline and cracking for multiple passwords), you will use dictionary + variants, and brute force.

For brute force, you will do one set which is just numbers
Another with just common letters / all letters
Another with all letters + numbers
And finally all letters + numbers + symbols

If you use your birth date as password, you will get cracked quickly
If you use letters, it will take longer
If you use a combination, it will take even longer

In the days of Windows NT, it was wonderful, as if the password length was less than 8 characters it was bloody easy to crack on my '486

Linux /etc/passwd files were not so tough either, but as you mentioned password length is a huge factor. But by running 3-4 brute forces running at the same time on different servers with restricted character sets, the lack of numbers/symbols made a substantial difference in cracking time
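
An added illustration, not part of any post in this thread: the keyspace arithmetic behind the staged character-set schedule the last post describes, showing which stage first covers a given password and how much smaller that stage is than the full one. The alphabet sizes (52 letters, 32 ASCII symbols), the search over all lengths up to the password's own length, and the sample birth-date string are assumptions made for the example.

```python
import string

# Stages in the order the post lists them, smallest alphabet first.
# Assumed sizes: 10 digits, 52 upper+lower letters, 32 ASCII symbols.
LETTERS = string.ascii_letters
STAGES = [
    ("digits", set(string.digits)),
    ("letters", set(LETTERS)),
    ("letters+digits", set(LETTERS + string.digits)),
    ("letters+digits+symbols",
     set(LETTERS + string.digits + string.punctuation)),
]


def keyspace(alphabet_size, max_len):
    """Number of candidates of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** k for k in range(1, max_len + 1))


def covering_stage(password):
    """First stage whose alphabet contains every character of the password.

    Returns (stage name, size of that stage's keyspace), or None when a
    character falls outside every stage modelled here (space, non-ASCII).
    """
    chars = set(password)
    for name, alphabet in STAGES:
        if chars <= alphabet:
            return name, keyspace(len(alphabet), len(password))
    return None


def saving_vs_full(password):
    """How many times smaller the covering stage is than the full stage."""
    hit = covering_stage(password)
    if hit is None:
        return None
    full = keyspace(len(STAGES[-1][1]), len(password))
    return full // hit[1]


if __name__ == "__main__":
    # "19950412" is a constructed birth-date-style sample; the others
    # are passwords quoted in the thread.
    for pw in ("19950412", "passwordI", "password1",
               "GTjsfSB(7@34)LR-1995/2043"):
        name, size = covering_stage(pw)
        print(f"{pw!r:30} {name:24} {size:.3e} candidates, "
              f"{saving_vs_full(pw)}x smaller than the full stage")
```

The search does not need to know in advance that a password has no digits: a letters-only password simply falls inside a smaller stage that can be exhausted on its own, which is the difference in time the last post refers to.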
 