Comments on: "Worst passwords" of 2011

By: Edna Garrett

Edna Garrett — Sat, 26 Nov 2011 03:23:00 +0000

Using one basic password with some extra characters the represent the site works fine until some dildo site restricts me to 8 or 10 characters or forces me to use a capital letter and/or a symbol. Three random words strung together is more secure than p4ssworD! but security people for these sites don’t seem to realize this.

By: Mordicai

Mordicai — Sat, 26 Nov 2011 01:24:00 +0000

…well right, that is my point. Having a program that yells at you to add a number or capital letter or symbol mess that up.

By: Samuel Morse

Samuel Morse — Fri, 25 Nov 2011 23:29:00 +0000

Actually, Mord “thestrangeloneliness….” is not such a bad PW. It’s easy for you to remember. but so long that no random testing of it will likely succeed.

By: Ray Harwick

Ray Harwick — Fri, 25 Nov 2011 22:40:00 +0000

To create a password similar to this password: meoadeoalleiakwei2wy

1. Take a phrase from *any* song, the more obscure the song, the better. Use the first letter of *each* word in that phrase.
2. Any word in the phrase that sounds like 2, 4, 8 or 10 (to/two/too, four/fore, ate, tin) use the number(s) in place of the first letter.

Mares Eat Oats And Does Eat Oats And Little Lambs Eat Ivy, A Kid Will Eat Ivy to (2) Wouldn’t You?
(From: Mairzy doats by Kay Kyser) [Mairzy doats and dozy doats and liddle lamzy divey
A kiddley divey too, wooden chew?]
I did this with an original song my dad wrote that only my family knows. It’s pretty secure. I can type it as quickly as my own name: 22 letters and numbers. You will NEVER forget it. Impossible! Just don’t go around your friend or strangers singing the song. LOL!

By: Ryan Lenethen

Ryan Lenethen — Tue, 22 Nov 2011 18:58:00 +0000

I have come to one of three conclusions:
1) People with the names: ashle, bailey, and michael are stupid. Avoid at all costs.
2) The method to which hackers acquire passwords may only break the stupid ones.
3) Hackers probably share information, causing duplication, making statistical analysis stupid.

By: Chris Lesage

Chris Lesage — Tue, 22 Nov 2011 18:14:00 +0000

I suppose “batteryhorsestaple” should be added to this list now that xkcd ruined it.

By: Shibi_SF

Shibi_SF — Tue, 22 Nov 2011 17:57:00 +0000

I see what you said there.

By: mccrum

mccrum — Tue, 22 Nov 2011 17:43:00 +0000

Sure, but at least then you’d know pretty quickly you’d been hacked.

By: Lobster

Lobster — Tue, 22 Nov 2011 14:31:00 +0000

Biometrics keeps getting cheaper, and it’s hard to fake a fingerprint or a retina. Of course then instead of password thefts we have mutilations.

By: spacey slater

spacey slater — Tue, 22 Nov 2011 04:29:00 +0000

What’s going to replace passwords?

By: Shibi_SF

Shibi_SF — Tue, 22 Nov 2011 04:28:00 +0000

I would really prefer a retinal scan or fingerprint scan… Something that doesn’t require me to remember so many multi-character alphanumeric passwords. Please tell me that retinal or fingerprint scans are coming soon!

By: tyrsalvia

tyrsalvia — Tue, 22 Nov 2011 02:19:00 +0000

With the prevalence of keyloggers, passwords simply aren’t very secure anymore. In my professional life, I work for a company that provides a b2b service. We have recently had to deal with a number of customers whose credentials were stolen after phished users unknowingly installed keyloggers on their work machines. Passwords are only as secure as your most credulous user.

It’s all fine and good for us to do our best not to be that most credulous user, but when designing systems in the first place, it’s important to realize that those credulous users are out there. We can try to educate as much as possible, but that’s never going to be good enough to prevent someone from clicking a link to see some “wedding pictures” a supposed lost friend is sending them.

With that in mind, passwords aren’t the last word in security. If we want to be secure, we have to use multiple strategies to verify users rather than depending on a single, easily-compromised strategy.

By: Scott Sanders

Scott Sanders — Tue, 22 Nov 2011 00:43:00 +0000

Bosco should be on the list. As in, George Costanza’s PIN and delicious chocolate syrup. Full disclosure: I’m not only a Bosco lover but also an owner.

By: oasisob1

oasisob1 — Tue, 22 Nov 2011 00:13:00 +0000

Actually, the breach DOES impact everything. The alert reader who gets your password for BB, say, ‘boiKR55ing’, then knows that banKR55ica is your BofA password.

By: mccrum

mccrum — Mon, 21 Nov 2011 23:53:00 +0000

I imagine the next best thing would be “pppaaassworrrddd”

By: Shibi_SF

Shibi_SF — Mon, 21 Nov 2011 23:19:00 +0000

But some accounts like apple(?) restrict the use of repeating characters. They say: no three repeats in a row. ;(. Otherwise, I do like your idea and I would do that in a h34rtb34t!

By: Mordicai

Mordicai — Mon, 21 Nov 2011 23:13:00 +0000

Because most password systems these days yell at you to have a number &/or a symbol in it, along with multiple cap/lowercase tense.

By: ʎoolԀ ɹəpuɐχ ツ 

ʎoolԀ ɹəpuɐχ ツ  — Mon, 21 Nov 2011 22:55:00 +0000

Switched telcos recently for a new landline/broadband bundle. Biggest telco in Australia. They created a new account for me… AND GAVE ME ONE OF THOSE “WORST PASSWORDS” AS MY INITIAL PASSWORD. (and yes, I changed it immediately)

If the largest telco in Australia—even if you think of them as a small fish in a “big pond”, globally speaking—is using these passwords by default for new accounts, what’s the likelihood there’s more than a handful of their users out there still using them? And for those who take security a little more seriously… what hope is there for us?? o.O

By: mccrum

mccrum — Mon, 21 Nov 2011 22:53:00 +0000

Because more and more places are following these rules:
https://supplier.intel.com/Auth/PasswordRules.asp
Requiring at least one capital letter and one number. Hence, more bad passwords becoming “Password1″ or “P455w0rd”

By: Guest

Guest — Mon, 21 Nov 2011 22:30:00 +0000

I know someone who uses Superman (#22) as his iTunes password. He is actually quite a putz.

By: frank255

frank255 — Mon, 21 Nov 2011 22:22:00 +0000

Surely 1234567 is worse than 12345678!?

By: rabidpotatochip

rabidpotatochip — Mon, 21 Nov 2011 22:02:00 +0000

You want a password that’s easy to remember but hard to guess? Simple. Take a word you like, like “password”, and pad it with a bunch of one character at a location of your choosing. For example, “password0000000000″. There, a long password that’s easy to remember but absolute hell to brute force.

By: Curtis Hart

Curtis Hart — Mon, 21 Nov 2011 22:00:00 +0000

That’s amazing! That’s the same combination as my luggage!

By: Mark Langford

Mark Langford — Mon, 21 Nov 2011 21:58:00 +0000

I was going to link to that comic…

By: checkersspeech

checkersspeech — Mon, 21 Nov 2011 21:54:00 +0000

So why can’t you?

By: The Life Of Bryan

The Life Of Bryan — Mon, 21 Nov 2011 21:49:00 +0000

I don’t use actual titles, just chunks of lyrics. And for that very reason. But that’s a pretty good rule of thumb.

By: Donald Petersen

Donald Petersen — Mon, 21 Nov 2011 21:42:00 +0000

Wow… in what culture is “bailey” such an all-fired popular word? I’d expect to find “swordfish” much, much higher up than that.

By: Ryan Black

Ryan Black — Mon, 21 Nov 2011 21:40:00 +0000

It may derive from the Chinese zodiac and refer to the user’s birth year. Although I’m not sure why the years of the monkey and dragon would be represented more than the others…

By: bklynchris

bklynchris — Mon, 21 Nov 2011 21:33:00 +0000

The original was fantastic!!!!!!

By: my name is aesthette

my name is aesthette — Mon, 21 Nov 2011 21:19:00 +0000

So, so happy. trustno1 was my password for like ten years. Until I got hacked all over the place.