Comments on: Crummy passwords from Yahoo users

By: Rossi

Rossi — Mon, 16 Jul 2012 05:26:00 +0000

I’m gratified that Jesus is just beaten out by monkey.

By: jrs505050

jrs505050 — Sat, 14 Jul 2012 06:00:00 +0000

i have a yahoo account with the password as “password.” I don’t use it except for when I don’t want to use my real email.

By: Sparrow

Sparrow — Fri, 13 Jul 2012 20:35:00 +0000

Fortunately, I couldn’t find CorrectHorseBatteryStaple on the list, so my password is safe for now.

By: Uthor

Uthor — Fri, 13 Jul 2012 20:25:00 +0000

I’d imagine a lot of the weak passwords come from people treating it as a throw away account. I have tons of logins in places I don’t care about, usually registered so I could post a single comment on a webpage, that have a weak password that’s probably easy to hack.

By: Coderjoe

Coderjoe — Fri, 13 Jul 2012 16:48:00 +0000

Here are the counts for those as the entire password. (they do occur as part of a more complex password a lot, however)

     52 secret
     46 love
      3 god
      2 sex

By: sigdrifa

sigdrifa — Fri, 13 Jul 2012 08:14:00 +0000

I was thinking the same thing; when it said in the Ars article that they were not posting the link but that, at the time of writing, it wasn’t too hard to find. I didn’t even bother to search, I went and changed my Yahoo password right away. I only use Yahoo for chat (with some people I can’t convince to switch) and I never used their voice service (not even sure if it’s available in Europe; probably not) but I though it wouldn’t hurt.

By: sigdrifa

sigdrifa — Fri, 13 Jul 2012 08:06:00 +0000

Unfortunately, that is something it’s particularly hard to convince non tech-savvy people of. Most of my friends fall into that category, and trying to switch them to a solution as simple as, e.g, Keepass — of which there are versions for all major OSes — seems to be an impossible task.

By: sigdrifa

sigdrifa — Fri, 13 Jul 2012 08:02:00 +0000

Isn’t that the same login as for every other Yahoo service?

By: sigdrifa

sigdrifa — Fri, 13 Jul 2012 08:01:00 +0000

For me, not so much shocking (as in: you can only be shocked the first time you hear something) but exasperating — every time I get an e-mail from one of my two friends who don’t want to start over somewhere else. At least the chat situation isn’t too bad — thank you, Pidgin.

By: noah django

noah django — Fri, 13 Jul 2012 07:47:00 +0000

where is this list of passwords? I wanna ctrl-f it and see if I’m on it, but all google gives me is Ars Technica’s coverage and everyone else citing Ars, including BB’s first post.

FUCKING LINK, PLEASE!

By: LennStar

LennStar — Fri, 13 Jul 2012 07:46:00 +0000

I always wonder why it is 123456 and not 12345 or 1234567 and why it is not 987654321 which is much easier to type for right hand people (with your left hand running over the keys and hit enter or click with right) than say 123456, the most common one. (And it is “saver” ;))

By: Dan Baron

Dan Baron — Fri, 13 Jul 2012 05:26:00 +0000

I am disappointed that the most common four are not love, secret, sex, and god.

By: Pirate Jenny

Pirate Jenny — Fri, 13 Jul 2012 01:50:00 +0000

I use my Yahoo email account for shopping, mailing lists, and anything else that’s likely to result in spam (because the spam filter is pretty good, and this keeps my personal email account from being overrun with less important stuff). So this is pretty annoying to me. How many more times does this have to happen before companies learn to lock that shit down?

By: iondiode

iondiode — Fri, 13 Jul 2012 00:22:00 +0000

Correct! I mean analyzing this is all very well and good, but these passwords weren’t obtained through brute force. They were available in the clear. boo.
I think email is pretty dumb anyway, but it seems to de rigur for provding an identity on the internet. I guess it’s better than facebook, but comeon people there has to be a better way!

By: Henry Pootel

Henry Pootel — Thu, 12 Jul 2012 22:54:00 +0000

Yup. Kinda like, why bother?

By: nvlady

nvlady — Thu, 12 Jul 2012 22:32:00 +0000

Yahoo!, that’s cute.
I have 3 passwords of different levels of complexity I use from everywhere to photobucket, to amazon to my bank and 401k. I change them every 6 months. I know if I cant remember one, then it’s gotta be one of the three. :)

By: Shibi_SF

Shibi_SF — Thu, 12 Jul 2012 22:30:00 +0000

Not us. I don’t know what it is. I try to only go to reputable sites to look at reputable things like cats with poorly spelled captions or indifferent cats in awkward situations with naked folks.

By: RioMcT

RioMcT — Thu, 12 Jul 2012 22:26:00 +0000

and yet my old Flickr password of 45rpm7″Single! is just as secure as “password” after Yahoo got hacked.

By: John Hickey

John Hickey — Thu, 12 Jul 2012 22:26:00 +0000

What sites lets you use a 0ne character password. something seems wrong here.

By: RedShirt77

RedShirt77 — Thu, 12 Jul 2012 22:21:00 +0000

This does at least point at the bigger problem more than the few qwerty users out there.

Why do we allow the discussion of security to be hijacked by this mocking of people we think are stupid?

If you started logging into accounts by guessing the common stupid passwords, your rate of success would be well below 1%. and the act of guessing on so many accounts would probably raise a red flag somewhere. Meanwhile fishing and large scale theft are common and the reusing the same password everywhere seems to be the result of having ever increasing complexity and rotation of passwords

By: RedShirt77

RedShirt77 — Thu, 12 Jul 2012 22:14:00 +0000

Who uses yahoo voice?

By: Art

Art — Thu, 12 Jul 2012 22:07:00 +0000

Here’s a better password!

Heather Dorindens 600 meter race
Heather Dorindens 600 meter race
Heather Dorindens 600 meter race
Heather Dorindens 600 meter race
Heather Dorindens 600 meter race
Heather Dorindens 600 meter race

By: Seg

Seg — Thu, 12 Jul 2012 22:06:00 +0000

Even more interesting is when you cross-reference the leaked PSN accounts from a year ago with the Yahoo leak. Of the 302 accounts with the same usernames, 60% were the same passwords.

http://www.troyhunt.com/2012/07/what-do-sony-and-yahoo-have-in-common.html

By: Shibi_SF

Shibi_SF — Thu, 12 Jul 2012 22:05:00 +0000

I thought that this was a dump of just Yahoo Voice users’ passwords. Is it ALL Yahoo users? (Mr. Shibi’s Yahoo email addresses were compromised at about 3am this morning — and he is not a Yahoo Voice user, but this could be unrelated to that.)

By: mintyy

mintyy — Thu, 12 Jul 2012 21:55:00 +0000

It doesn’t say that these are of current users. They could be accounts inactive since 2003. Maybe even YOUR old account!

By: novium

novium — Thu, 12 Jul 2012 21:47:00 +0000

I don’t think they do- maybe it’s been grandfathered in?

By: Keith Edwards

Keith Edwards — Thu, 12 Jul 2012 21:46:00 +0000

What’s even more shocking is that there are nearly half a million people still using Yahoo!.

By: Boundegar

Boundegar — Thu, 12 Jul 2012 21:41:00 +0000

Does this mean “monkey jesus love money” is a bad password?

By: Cyran0

Cyran0 — Thu, 12 Jul 2012 21:36:00 +0000

An unsolicited and totally legit work-from-home internet post?

I smell a Clifford the Big Red Herring . . .

By: Gabriel Nagmay

Gabriel Nagmay — Thu, 12 Jul 2012 21:33:00 +0000

^ Looks like Clifford’s yahoo account was one of those hacked.