Comments on: Top 500 worst passwords http://boingboing.net/2009/01/02/top-500-worst-passwo.html Brain candy for Happy Mutants Tue, 18 Jun 2013 06:45:00 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: TEKNA2007 http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368902 TEKNA2007 Wed, 30 Nov -0001 00:00:00 +0000 #comment-368902 rundgren@10 <i>rush2112 FTW!</i> AAPOTSF - Attention all planets of the Solar Federation! change_on_install rundgren@10

rush2112 FTW!

AAPOTSF – Attention all planets of the Solar Federation!

change_on_install

]]> By: Craigger1 http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368909 Craigger1 Wed, 30 Nov -0001 00:00:00 +0000 #comment-368909 I'm thinking that some government agency needs to be monitoring what some of these people are doing on the Internet! I’m thinking that some government agency needs to be monitoring what some of these people are doing on the Internet!

]]> By: misshallelujah http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368911 misshallelujah Wed, 30 Nov -0001 00:00:00 +0000 #comment-368911 I'm going to have to second the question: Why "abgrtyu"? It's pretty much the only one on the entire list for which I can't fathom the use of, much less the easy guessing of... I’m going to have to second the question:

Why “abgrtyu”?

It’s pretty much the only one on the entire list for which I can’t fathom the use of, much less the easy guessing of…

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-1143825 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-1143825 the best password is virus so that when hackers are hacking and the password displays to them they read Virus and they will be like we got an error and they keep trying lol :p the best password is virus so that when hackers are hacking and the password displays to them they read Virus and they will be like we got an error and they keep trying lol :p

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-948504 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-948504 ThunderBird@%50001 ThunderBird@%50001

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-369689 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-369689 I've always gone by Clifford Stoll's (author of "The Cuckoo's Egg") idea for passwords: two or three short words along with a number. It's easy to remember and hard to crack, especially if you use words in languages other than English and in different orders. Examplea: oui62bub, tadquoi99, icktern153 Any password can be broken in time by brute force (testing all possible alphanumeric passwords one by one) so these are as secure as any. I’ve always gone by Clifford Stoll’s (author of “The Cuckoo’s Egg”) idea for passwords: two or three short words along with a number.

It’s easy to remember and hard to crack, especially if you use words in languages other than English and in different orders.

Examplea: oui62bub, tadquoi99, icktern153

Any password can be broken in time by brute force (testing all possible alphanumeric passwords one by one) so these are as secure as any.

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-369438 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-369438 I tend to use an 11 letter password, exchanging I's for ones, and O's with zero, which gives me a medium secure result. However, for real security, gibberish is best, or special characters like €…¼¥vP-kï·8â›ú£d+ËÖ™|¹¤ÙTâ¢). I tend to use an 11 letter password, exchanging I’s for ones, and O’s with zero, which gives me a medium secure result. However, for real security, gibberish is best, or special characters like €…¼¥vP-kï·8â›ú£d+ËÖ™|¹¤ÙTâ¢).

]]> By: Uncle_Max http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368938 Uncle_Max Wed, 30 Nov -0001 00:00:00 +0000 #comment-368938 @38 bcsizemo: "I want to know how many people under 25 even have a clue as to what THX1138 even is? Hell I could ask most people over 30 and I bet less than 20% would have a clue." I'd say it's more than you'd think, since as Lucas' first feature-length movie anybody who is into film/geekdom will have at least heard of it at some point. Whether or not they've seen it is a different story. You might have better luck using "THX-1138 4EB" as a password though, or any of the random character names. @38 bcsizemo: “I want to know how many people under 25 even have a clue as to what THX1138 even is? Hell I could ask most people over 30 and I bet less than 20% would have a clue.”

I’d say it’s more than you’d think, since as Lucas’ first feature-length movie anybody who is into film/geekdom will have at least heard of it at some point. Whether or not they’ve seen it is a different story. You might have better luck using “THX-1138 4EB” as a password though, or any of the random character names.

]]> By: notKeith http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-369450 notKeith Wed, 30 Nov -0001 00:00:00 +0000 #comment-369450 I create excellent hard-to-break passwords by using alt+keypad combinations on my stoopid windoes computer: alt+0222 is Þ alt+0241 is ñ alt+0153 is ™ alt+0169 is © You g¡t thé drift... I create excellent hard-to-break passwords by using alt+keypad combinations on my stoopid windoes computer:

alt+0222 is Þ
alt+0241 is ñ
alt+0153 is â„¢
alt+0169 is ©

You g¡t thé drift…

]]> By: Peter http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368429 Peter Wed, 30 Nov -0001 00:00:00 +0000 #comment-368429 Surprised 'swordfish' isn't on the list. Surprised ‘swordfish’ isn’t on the list.

]]> By: RedShirt77 http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368430 RedShirt77 Wed, 30 Nov -0001 00:00:00 +0000 #comment-368430 I always thought the worst one was the one taped to my screen I always thought the worst one was the one taped to my screen

]]> By: jeremedia http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368431 jeremedia Wed, 30 Nov -0001 00:00:00 +0000 #comment-368431 This is the third time I've seen a link to this list, yet I've never seen the actual list due to the site being destroyed by the incoming traffic. This is the third time I’ve seen a link to this list, yet I’ve never seen the actual list due to the site being destroyed by the incoming traffic.

]]> By: GeekMan http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368432 GeekMan Wed, 30 Nov -0001 00:00:00 +0000 #comment-368432 "So the password is: '12345'? That's the stupidest password I've ever heard! That's the kind of thing an idiot puts on his luggage!" At least essential one thing I need to know for IT, I learned from SpaceBalls. “So the password is: ’12345′?

That’s the stupidest password I’ve ever heard! That’s the kind of thing an idiot puts on his luggage!”

At least essential one thing I need to know for IT, I learned from SpaceBalls.

]]> By: classic01 http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368435 classic01 Wed, 30 Nov -0001 00:00:00 +0000 #comment-368435 In my experience in average the most repetitive passwords are "test", "temp", "asdf" Also there were quite a few passwords that had some simple name with "123" after. As a Microsoft security expert once suggested. The best passwords (when the field allows it) are made of a simple and long phrase. It is easy to remember and impossible to guess. In my experience in average the most repetitive passwords are “test”, “temp”, “asdf” Also there were quite a few passwords that had some simple name with “123″ after.

As a Microsoft security expert once suggested. The best passwords (when the field allows it) are made of a simple and long phrase. It is easy to remember and impossible to guess.

]]> By: lpetrazickis http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-369459 lpetrazickis Wed, 30 Nov -0001 00:00:00 +0000 #comment-369459 I think "abgrtyu" is a plagiarism preventer, to be able to tell when another site has stolen the list. Similarly, dictionary publishers like to add a fake word to each edition of their dictionary to make sure no one's stealing content. I think “abgrtyu” is a plagiarism preventer, to be able to tell when another site has stolen the list. Similarly, dictionary publishers like to add a fake word to each edition of their dictionary to make sure no one’s stealing content.

]]> By: Zan http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368436 Zan Wed, 30 Nov -0001 00:00:00 +0000 #comment-368436 Why is "0" on the list twice? Why is “0″ on the list twice?

]]> By: Midtownhipster http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368438 Midtownhipster Wed, 30 Nov -0001 00:00:00 +0000 #comment-368438 Two of my friends have these bike locks which require you to set the combo on purchase. If you don't set it it's 0000. And yes that is their combination because they didn't bother to read the directions. http://www.amazon.com/Schwinn-12MM-Cable-Combo-Bicycle/dp/B000DZGLSW Two of my friends have these bike locks which require you to set the combo on purchase. If you don’t set it it’s 0000. And yes that is their combination because they didn’t bother to read the directions.

http://www.amazon.com/Schwinn-12MM-Cable-Combo-Bicycle/dp/B000DZGLSW

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-524343 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-524343 I'm not techy at all, but I have used those weird alphanumeric codes that you must decipher when getting a new email addy. I also use only the first letter of a foreign language phrase with a few numbers that mean something to me, thus easy to remember. They show as "strong". I don't live in California, but I love their license plate numbers. I’m not techy at all, but I have used those weird alphanumeric codes that you must decipher when getting a new email addy. I also use only the first letter of a foreign language phrase with a few numbers that mean something to me, thus easy to remember. They show as “strong”. I don’t live in California, but I love their license plate numbers.

]]> By: Dewi Morgan http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-389434 Dewi Morgan Wed, 30 Nov -0001 00:00:00 +0000 #comment-389434 #89: It's a common myth that these forms of obfuscation are worthwhile. However, p4s5W0rD has only about 16 bits more potential randomness than the unmunged word "password": one bit per letter for the number substitutions, and one bit per letter for the capitals. Most cracking scripts are well aware of number substitution and case shifting, so neither adds anything significant to the password. Adding three additional characters would be easier to remember and to type, and harder to crack: passwordskx, for example. However, as has already been said, it is all relative. 16 bits more protection is 16 bits, and if you're not protecting something important enough to tunnel encryptedly over the wifi, and use a full passphrase, then sure, messing with case and kiboizing the text will add some small layer of protection. #89: It’s a common myth that these forms of obfuscation are worthwhile. However, p4s5W0rD has only about 16 bits more potential randomness than the unmunged word “password”: one bit per letter for the number substitutions, and one bit per letter for the capitals. Most cracking scripts are well aware of number substitution and case shifting, so neither adds anything significant to the password. Adding three additional characters would be easier to remember and to type, and harder to crack: passwordskx, for example.

However, as has already been said, it is all relative. 16 bits more protection is 16 bits, and if you’re not protecting something important enough to tunnel encryptedly over the wifi, and use a full passphrase, then sure, messing with case and kiboizing the text will add some small layer of protection.

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368699 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-368699 It's about time someone threw that Hacker quote in there. First thing I thought of... It’s about time someone threw that Hacker quote in there. First thing I thought of…

]]> By: adjusttint http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-683324 adjusttint Wed, 30 Nov -0001 00:00:00 +0000 #comment-683324 no prisoner transfer from no
prisoner transfer from

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-561214 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-561214 "Nos0illegitimi1non2tatum3carborundum." BEAT that password (and yes i use the quotations also) :-P “Nos0illegitimi1non2tatum3carborundum.”
BEAT that password (and yes i use the quotations also) :-P

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368703 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-368703 I hate to ask this, but how in the heck would the author know these are the top 500? I hate to ask this, but how in the heck would the author know these are the top 500?

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-561472 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-561472 Secure passwords are easy if you simply take your favorite lyrics or sayings and use the first letter of each word. They can be really long and then throw in the name of the site or group you are working in so the bots don't guess it. GMAIL PASSWORD = bjinmlsjagwctiatoggmail "Billie jean is not my lover Shes just a girl who claims that I am the one" Easy to remember and HARD to crack Secure passwords are easy if you simply take your favorite lyrics or sayings and use the first letter of each word.

They can be really long and then throw in the name of the site or group you are working in so the bots don’t guess it.

GMAIL PASSWORD = bjinmlsjagwctiatoggmail

“Billie jean is not my lover
Shes just a girl who claims that I am the one”

Easy to remember and HARD to crack

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-382528 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-382528 i find the most secure passwords are just an easy to remember word written in 1337. alternate caps and numbers. "p4s5W0rD" is alot more secure than "password". i find the most secure passwords are just an easy to remember word written in 1337. alternate caps and numbers. “p4s5W0rD” is alot more secure than “password”.

]]> By: Benth http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368962 Benth Wed, 30 Nov -0001 00:00:00 +0000 #comment-368962 "abgrtyu": Watch what your fingers do when you type it. Only explanation I can think of. “abgrtyu”: Watch what your fingers do when you type it. Only explanation I can think of.

]]> By: Sunfell http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368707 Sunfell Wed, 30 Nov -0001 00:00:00 +0000 #comment-368707 My firewall warned me that this site tried to access 'illmob.com', which is apparently a malware site. Fortunately, the firewall blocked it. :pats firewall software: My firewall warned me that this site tried to access ‘illmob.com’, which is apparently a malware site. Fortunately, the firewall blocked it.

:pats firewall software:

]]> By: Anonymous http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-369475 Anonymous Wed, 30 Nov -0001 00:00:00 +0000 #comment-369475 To #37 #19 and #6 regarding the appearance of two zeros in the list. Best explanation I saw on this was spreadsheet truncation. Depending on your settings any length of string consisting of only zeros stands to be truncated into a single zero. Not sure if it was truncated in the original or in the process of moving. But it seemed like a good reason and though I would virus it on over. Anonymous To #37 #19 and #6 regarding the appearance of two zeros in the list. Best explanation I saw on this was spreadsheet truncation. Depending on your settings any length of string consisting of only zeros stands to be truncated into a single zero. Not sure if it was truncated in the original or in the process of moving. But it seemed like a good reason and though I would virus it on over.

Anonymous

]]> By: batu b http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368452 batu b Wed, 30 Nov -0001 00:00:00 +0000 #comment-368452 the best password generator I've heard of is the acronym for a simple phrase, which generates nonsense, but is easy to remember. such as "this password is nonsense but is easy to remember" provides the password "tpinbietr" the best password generator I’ve heard of is the acronym for a simple phrase, which generates nonsense, but is easy to remember. such as
“this password is nonsense but is easy to remember”
provides the password
“tpinbietr”

]]> By: Dante http://boingboing.net/2009/01/02/top-500-worst-passwo.html#comment-368708 Dante Wed, 30 Nov -0001 00:00:00 +0000 #comment-368708 Casper? Hmmm. These passwords sounds like beatnik poetry where read aloud from left to right. I suspect a coupla band name'll arise from this list. Casper? Hmmm. These passwords sounds like beatnik poetry where read aloud from left to right. I suspect a coupla band name’ll arise from this list.

]]>