Bible references make very weak passwords

An analysis of passwords found in the 2009 breach of RockYou -- 32 million accounts -- finds a large number of Biblical references ("jesus", "heaven", "faith", etc.), including a number of Bible verse references ("john316").

These -- including variants that add numbers or substitute numbers for letters -- are very easy for brute-force password-guessing software to crack.

An article in Christianity Today advises against using your "life verse" as a password, but fails to warn that other ways of turning verses into passwords -- like using the first letter of each word in a verse -- are also fairly weak, in that it is easy for computers to compile a database of all easily memorable passwords that could be constructed in this way.
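A password-screening check for the patterns described above (appended numbers, number-for-letter substitutions, verse references, first-letter acronyms), as an added example that is not from the original post or the Christianity Today article. The word lists, the sample phrase and the names `screen` and `STEMS` are constructed for illustration; a real deployment would load much larger lists.

```python
import re

# Undo common number/symbol-for-letter substitutions before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Anything appended after the stem: digits, punctuation, or nothing.
TAIL = re.compile(r"[\d\W_]*")


def acronym(phrase):
    """First letter of each word, e.g. 'For God so loved' -> 'fgsl'."""
    return "".join(word[0] for word in re.findall(r"[a-z]+", phrase.lower()))


# Constructed sample lists (assumption: tiny stand-ins for real blocklists).
STEMS = {
    "common word": {"jesus", "heaven", "faith"},
    "book or verse reference": {"john", "psalm", "romans", "genesis"},
    "verse acronym": {acronym(
        "For God so loved the world that he gave his only begotten Son")},
}


def screen(password):
    """Return why a password is predictable, or None if no rule matches.

    A password is rejected when it is a blocklisted stem (after reversing
    substitutions) followed only by digits or symbols.
    """
    p = password.lower()
    for reason, stems in STEMS.items():
        for stem in stems:
            head, tail = p[:len(stem)], p[len(stem):]
            if head.translate(LEET) == stem and TAIL.fullmatch(tail):
                return reason
    return None


if __name__ == "__main__":
    for candidate in ["jesus777", "J3su5143", "john316",
                      "fgsltwthghobs!", "correct horse battery staple"]:
        print(f"{candidate!r}: {screen(candidate) or 'no rule matched'}")
```

Passing this check does not make a password strong; it only shows that the "add a number" and "first letters of a verse" variants collapse to the same short list of stems.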

Another too-popular choice is “jesus,” or variants like “jesus777” and “jesus143.” Collectively, more than 21,000 people in the breach used the Son of God’s name as a password, making it the 30th most common password overall, a bit behind “tigger” (No. 22) and ahead of “football” (No. 45).

You want a password to be unguessable. If you use your life verse as your password—say, for your church’s financial software—you’re opening yourself and your church to potential hacking by choosing something easy to predict.

If you do use a Bible reference or something related to Christianity as a password, be sure to include hard-to-guess letters, numbers, or symbols as part of it. Also consider including unrelated words or phrases. The key is to be unpredictable.

Beware of Making Jesus Your Password [Stephen Smith/Christianity Today]

(via Super Punch)

Notable Replies

  1. Hey, @Falc -- oh, wait. People are still doing this sort of shit in 2017?

  2. the 30th most common password overall, a bit behind “tigger” (No. 22)

    No! I'm the only one!

  3. Smartest man in the world

  4. Reminds me of that movie The Ninth Gate. This really wealthy Satan worshipper brings Johnny Depp into the secure vault where he keeps his most valuable books and the password he punches into the keypad to open the door is "6-6-6". Yeah, that's totally going to confound any thieves trying to steal satanic texts.

  5. Christ, what a password.
