
The ten worst passwords on the web..

This topic is archived.
Fumesucker Donating Member (1000+ posts) Wed Jan-27-10 01:30 PM
Original message
The ten worst passwords on the web..
http://www.gizmag.com/worst-passwords-on-the-web/13960/?utm_source=Gizmag+Subscribers&utm_campaign=34a62e87a9-UA-2235360-4&utm_medium=email

You’re not fooling anyone with that “123456” password of yours. “Password” isn’t much better, and sorry ladies, but “princess” is also no good. These are among the findings in a report released by Imperva, a data security firm that analyzed 32 million passwords recently exposed in the Rockyou.com breach. Not only did they identify the most common, and thus easily-guessable passwords, but they also suggested some effective methods for creating secure ones.

Rockyou.com is a website where users can develop apps to use on social networking sites. Last December, a hacker gained access to all of Rockyou’s members’ usernames, email addresses and passwords (which had been stored in plain, unencrypted text) and posted the passwords to the Internet. Given that many people use the same username and password for all of their online dealings, such as banking, the results could have been disastrous. Fortunately, the perpetrator seemed to be mainly interested in exposing Rockyou’s insufficient security, as they didn’t post the usernames or emails.

Imperva analyzed the hacked data, and compiled their findings in the Consumer Password Worst Practices report. Of the 32 million passwords involved, the ten most common were:


More at the link..


Cirque du So-What Donating Member (1000+ posts) Wed Jan-27-10 01:33 PM
Response to Original message
1. Dammit, who's been mucking about in my computer?
Some of my 'golden oldies' are bandied about, and I KNOW nobody else could come up with anything so clever as my passwords!

Pryderi Donating Member (1000+ posts) Wed Jan-27-10 01:36 PM
Response to Original message
2. Whatever Dr. Stephen Falken used in "Wargames"

-..__... Donating Member (1000+ posts) Wed Jan-27-10 01:37 PM
Response to Reply #2
3. "Joshua"

RedCloud Donating Member (1000+ posts) Wed Jan-27-10 01:39 PM
Response to Original message
4. What about "Opensaysme"?

MineralMan Donating Member (1000+ posts) Wed Jan-27-10 02:07 PM
Response to Reply #4
9. Hey! You misspelled my password.
It's opensezme. Oh, noes...I've gone and exposed my password. I'm so hosed.

hfojvt Donating Member (1000+ posts) Wed Jan-27-10 01:40 PM
Response to Original message
5. dang it! Now I am gonna have to change the combination on my luggage!
does "drinkyourovaltine" work?

Lance_Boyle Donating Member (1000+ posts) Wed Jan-27-10 02:02 PM
Response to Reply #5
7. BOSCO! n/t

RedCloud Donating Member (1000+ posts) Wed Jan-27-10 02:10 PM
Response to Reply #7
13. I think Kroger has Bosco!

MineralMan Donating Member (1000+ posts) Wed Jan-27-10 02:08 PM
Response to Reply #5
10. I got one of those word locks for mine. I got the idea for my password
from the ad. It's "poop". Nobody will ever think of that one.

hfojvt Donating Member (1000+ posts) Wed Jan-27-10 02:26 PM
Response to Reply #10
20. you'd be safer, if you took the extra precaution
of spelling it sdrawkcab

MineralMan Donating Member (1000+ posts) Wed Jan-27-10 02:35 PM
Response to Reply #20
22. Great idea! I'll change it at once.

dbonds Donating Member (1000+ posts) Wed Jan-27-10 01:57 PM
Response to Original message
6. They left off another common one 'secret'

enlightenment Donating Member (1000+ posts) Wed Jan-27-10 02:05 PM
Response to Original message
8. I agree that we need to be more careful, but 'smart' passwords
are a royal pain in the arse to recall (and of course we're not supposed to write them down, either).

Some of their recommendations don't work, either - not every system is case sensitive, for instance, and not all of them allow the use of symbols. Add to that the average number of numbers (not number/letter/symbol combos) a person can recall is seven . . .

The security system my college uses for our online grading (for instructors) requires a minimum of eleven characters, with at least one number and one symbol (certain symbols, some cannot be used at all). I forget it every single semester - apparently everyone else does, also, because they originally made us call to have it reset; now they just let us do it ourselves . . .

Frustrating.

MineralMan Donating Member (1000+ posts) Wed Jan-27-10 02:10 PM
Response to Reply #8
11. I always write those hard passwords down and carry them in
my wallet, or write them on a sticky note and put it on my desk. Nobody'll ever figure out what those are, I'm sure.

enlightenment Donating Member (1000+ posts) Wed Jan-27-10 02:40 PM
Response to Reply #11
23. *snork*
:rofl:

Lance_Boyle Donating Member (1000+ posts) Wed Jan-27-10 03:16 PM
Response to Reply #11
25. not the worst solution in the world
WAY better than taped to the monitor, or stuck in a desk drawer. Think about it - most of us know when our wallets have gone missing. We call banks to notify them of missing cards, etc. The same call to IT to reset a PW stored in a wallet would be simple to make, and would likely happen before whoever took the wallet has a chance to attempt machine access. If people are going to write down PWs, the wallet is PRECISELY the place to keep them.

Q3JR4 Donating Member (1000+ posts) Wed Jan-27-10 02:10 PM
Response to Original message
12. You could do what I do.
Pick a phrase like "The boys are back in town" and make it TBABIT, add some numbers, an exclamation point, and change the capitalization: "TbAbIt!954". Then change it for each thing you use it for thusly:
For Wellsfargo it would be TbAbIt!945WF.
For yahoo it would be TbAbIt!945y, etc.

Q3JR4
Disclaimer disclaimer, the preceding passwords have never been used by Q3JR4.

MineralMan Donating Member (1000+ posts) Wed Jan-27-10 02:15 PM
Response to Reply #12
14. OK...logging on as you now...

Q3JR4 Donating Member (1000+ posts) Wed Jan-27-10 02:33 PM
Response to Reply #14
21. I suppose you could try.
Edited on Wed Jan-27-10 02:35 PM by Q3JR4
:)

Turns out my passwords for DU (and my various email accounts) are alphanumeric and don't repeat. Fortunately I only have five different accounts, so was only forced to memorize four or five different passwords. And I've changed all my passwords recently. It's a pain but it minimizes issues with people guessing my passwords.

Q3JR4.

Q3JR4 Donating Member (1000+ posts) Wed Jan-27-10 02:45 PM
Response to Reply #12
24. Something else people forget about,
Edited on Wed Jan-27-10 02:55 PM by Q3JR4
Remember Sarah Palin? How her email account was hacked. Turns out the hacker was able to do it because he was able to answer her password reset questions....Ooops.

To minimize the chance of this happening you could always, once again, do what I do:
If the question is, "Who is your favorite uncle?" rather than answer directly I put something snarky at the beginning. So my hypothetical answer (which I haven't actually used) would be "ThatsAStupidQuestion Uncle George".

Just make sure you can remember what you write so that if worse comes to worse you can still reset. If that seems complicated you could just lie, I don't even have an Uncle George.

Or...you know...maybe I DO.

Q3JR4.

EnviroBat Donating Member (1000+ posts) Wed Jan-27-10 02:16 PM
Response to Original message
15. I always change my password to something that's impossible
Edited on Wed Jan-27-10 02:16 PM by EnviroBat
to remember for more than 10 seconds. That way NOBODY has it!

eHU7%1fJJ43e%Il2010farT7hH1

Jokerman Donating Member (1000+ posts) Wed Jan-27-10 02:21 PM
Response to Original message
16. I forced our users to use complex passwords...
Now, several of them have their passwords written down somewhere near their workstation.

My boss has his on a post-it note attached to his monitor.

Lance_Boyle Donating Member (1000+ posts) Wed Jan-27-10 03:26 PM
Response to Reply #16
26. Tell them to keep 'em in their wallets, next to the credit cards.
No, I am not kidding.

Them's the breaks when you force secure PWs, and especially frequent changes. Mitigate the risk by storing the written-down PWs in a place where people will notice when they're missing, and will hopefully remember to inform you when it happens.

Kerrytravelers Donating Member (1000+ posts) Wed Jan-27-10 02:21 PM
Response to Original message
17. I just forwarded this to a friend who uses 123456 for everything.
Even their ATM PIN number. :eyes:

rucky Donating Member (1000+ posts) Wed Jan-27-10 02:23 PM
Response to Original message
18. iforgot
was the only one I could always remember

SoCalDem Donating Member (1000+ posts) Wed Jan-27-10 02:23 PM
Response to Original message
19. I once had a boss who changed the safe combination to MY birthday
I kept forgetting, so he fixed it :rofl:

another time, a place I worked had, as the front desk computer password....
"honesty"