500 worst passwords

Phlip

Ah, but can I name a new family pet after an old password? Hmm?

Here, YCNc&h*!

regeya

I won’t make the same mistake I did on Digg; I mentioned I had a self-written pwgen on my desktop along with an example of output.

I swear, Ted Frickin’ T’so writes pwgen, and nobody else is ever supposed to write one. ;-D

berpi

I can’t find the word “chocolate”, and still a while back I had the chance to see a university ‘passwd’ file which had gone through a dictionary attack, and “chocolate” was the most popular password found.

JonStewartMill

I used to use something I saw on a hot-rodder’s custom license plate: idoxlr8.

SKR

What, no “god”?

Jens

There are also easy ways to generate nice passwords:
https://passwd.me/

Or even use bookmarklet to fill required passwords on web forms with 1 click:
https://passwd.me/nifties/

Church

By “Link” I assume you mean something different than the usual?

Ernunnos

CPE1704TKS

Anonymous

LOL Thought I was the only one to use the War Games Launch code. Wait… Joshua, is that you?

Alan

I am always amazed that “open sesame” is never on these lists.

Anonymous

BOSCO

’nuff said

PapayaSF

A couple of years ago I did a website for a smallish company. Once it was ready to be uploaded, I asked for their FTP info. They wouldn’t give it to me: security, you know. It was just a static “brochure” site, not for a bank, no ecommerce, nothing. It was like refusing to give your mechanic the keys to your ’88 Civic because you’re afraid he’d steal it. So I emailed them a zip file of the site, but they couldn’t figure out how to open it (wtf?). Finally, they broke down and gave me their login info. The security-mad client’s password turned out to be 12345678.

Sork

Now write a short story using these words.

Anonymous

TYPO!

OU182 should be OU812.

Anonymous

Anyone looking to handle and share passwords around should take a look at LassPass.com (https://www.lastpass.com/)

It provides a simple browser plugin that allows you to generate secure passwords, fill in web forms and also to securely share specific passwords with trusted others.

Works well for me, anyway.

Anonymous

“The knob!” cried Goodgulf.

Anonymous

Why don’t they make a system that compares a new password to a list like this or a dictionary with a few mods like adding 1 to the end and if detected refuses the password and states why.

Simple really.

Anonymous

What makes you think they haven’t? There are plugins for some operating systems which do just that.

Sam!

The list seems obscure, most of the modern login systems won’t even let the user enter simple password like 123456. Most modern system even Window or Unix system require you to enter alpha numeric characters and some go to extent for you to enter a special character also.

Anonymous

How do you remember those good passwords though? Mine isn’t as bad as these listed but someone in my family or a very close friend might eventually guess it. So if I used a truly perfect password, random string of letters and numbers, how would I remember it. you never write a password down, right?

spejic

Length makes a password exponentially harder to crack (as long as you are not using one word), so a good way to make a hard to break password that is memorable is to make a phrase (but not a cliche phrase). “MyDogRexOwns4Robots” is a better than “hy4IInXL”, and it’s much easier to remember.

Crashproof

What, no mellon or xyzzy? Not nerdy enough.

tobergill

i find a good compromise between security and rememberability is to think of a favorite song, then pick a memorable line and use the first letter of each word. so, “You ain’t nothing but a houndog, crying all the time” becomes “yanbahcatt”. Pretty much unguessable. throw in a little leet speak and voila!

KeithIrwin

Pretty much unguessable unless other people like the same songs you do. In practice, a lot of people chose the same song lyrics, which makes the technique less useful.

Sork

The Plague: Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.

Margo: Precisely what you’re paid to prevent.

The Plague: Someone didn’t bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and…

Margo: [glares at The Plague]

The Plague: god. So, would your holiness care to change her password?

/Hackers (1995)

the r kelly

Here’s a story: I used to work for a major bank in their customer service call center in their high-net-worth individual department. The guy next to me was helping a customer with his internet banking and had to ask him for his user name. The customer is sitting IN THE BRANCH with his private banker. My coworker then repeats aloud “ok…Cocaine Anonymous 1…gotcha.”

License Farm

“So the combination is 12345. That’s the stupidest combination I’ve ever heard! It’s the sort of combination an idiot would have on his luggage!”

…

“’12345′? That’s incredible! I have the same combination on my luggage!”

Actually, I have to assume “EAGLE1″ being on this list is an inside joke, seeing as that was Lone Star’s Winnebago in SPACEBALLS.

KeithIrwin

Wow. You know what this reminds me of? It reminds me of a story on BoingBoing. http://boingboing.net/2009/01/02/top-500-worst-passwo.html

In fact, it’s the exact same list, just hand-written. The older BoingBoing story, by the way, is the top Google result for “500 worst passwords” and is taken from the same source that’s written down the side of the piece of paper.

teapot

10 from the bottom in 3rd column… Don’t they mean gandAlf? I’m sure the correct spelling of his name is more popular than a typo verion.

Also I’m ashamed to say that one of my teenage passwords is on there…but just one.