Tuts 4 You
Millions using 123456 as password...

Teddy Rogers
Quote

Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111.

Any sites that let you sign up and register using a weak password are just as bad as the people willing to use them...

https://www.bbc.co.uk/news/technology-47974583

Ted.

Nemo

if the password you want is in rockyou.txt use another one ;)

SkyProud
13 minutes ago, Nemo said:

if the password you want is in rockyou.txt use another one ;)

rockyou.txt is really big in size, 130+MB, downloading it to check myself. 🙂

kao
8 hours ago, Teddy Rogers said:

Any sites that let you sign up and register using a weak password are just as bad as the people willing to use them...

I really, really disagree. Not all websites are valuable. And not all passwords should be chosen to be secure.

In fact, this was something I wanted to write about for a long time already, so here it goes: https://lifeinhex.com/my-password-is-password/ (shameless self-promo, I know! :) )

  • Like 3

Teddy Rogers

If you think a website is not worthy of a unique and strong password you may as well use a 10 minute throwaway email address to register - or a shared account.

I think it is good practice to be encouraging users in general and of websites to use and enforce unique and strong passwords. A website may be valuable to you and not to others. The option shouldn't be left open for a person who values a site to risk losing it from using a weak password because there are other users out there that don't care what they use...

Ted.

  • Like 1

Rever7eR

People use weak passwords because it's easy to remember, I mean we all hate the password recovery process and inbox checking...

atom0s

I don't really agree that the sites are just as bad. It's hard to make rules that completely remove "insecure" passwords. General/common passwords that are seen as the 'top reused' could be blocked, simple rules applied to stop basic stuff, but sites that require a mix of things like lower-case, upper-case, a symbol etc. are not any better. People will just alter their password by adding 1 thing to it, which is almost always a ! at the start or end of their password. They'll also just generally change the first letter in the password to upper-case when required. It doesn't create a more secure password, it just creates another problem with passwords.

Pretty much anything a general user comes up with is going to be insecure because it's going to be a mix of actual information about themselves in some manner in most cases. People use their names, pet names, date of birth, kids/grand kids etc. which is all data that is collectable from all kinds of sources.

Passwords, in general, are insecure. The sooner we move away from them and into other means of security, it'll be better for everything. Not saying we have anything better yet but it's definitely time to see them become a thing of the past.
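
The blocklist check suggested in the post above (and in Nemo's rockyou.txt reply), as an added example that is not part of the thread: it undoes the predictable tweaks (capitalised first letter, a `!` at either end, trailing digits) before the lookup, and includes the lower/upper/symbol rule for comparison. All function names are hypothetical and the five-entry blocklist is constructed from the strings quoted in the first post.

```python
import string
import unicodedata

# Constructed sample blocklist: the five strings quoted from the BBC article
# in this thread. Stands in for a full breach wordlist.
SAMPLE_BLOCKLIST = {"123456", "123456789", "qwerty", "password", "1111111"}


def load_blocklist(path):
    """Load a one-password-per-line wordlist (path is caller-supplied).

    latin-1 maps every byte to a character, so lists containing
    non-UTF-8 entries load without decode errors.
    """
    with open(path, encoding="latin-1") as fh:
        return {line.rstrip("\r\n").casefold() for line in fh if line.strip()}


def candidate_forms(password):
    """Undo the predictable tweaks described in the post above."""
    base = unicodedata.normalize("NFKC", password).casefold()  # 'Password' -> 'password'
    trimmed = base.strip(string.punctuation)                   # '!password!' -> 'password'
    no_digits = trimmed.rstrip(string.digits)                  # 'password1' -> 'password'
    # An all-digit password collapses to '' after the last step; drop it.
    return {form for form in (base, trimmed, no_digits) if form}


def blocked_match(password, blocklist=SAMPLE_BLOCKLIST):
    """Return the blocklist entry the password reduces to, or None."""
    hits = candidate_forms(password) & blocklist
    return min(hits) if hits else None


def composition_ok(password):
    """The lower/upper/symbol rule the post criticises, for comparison."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c in string.punctuation for c in password))


if __name__ == "__main__":
    for pw in ("123456", "Password!", "!Qwerty", "Password1!", "maple-otter-lantern-42"):
        print(f"{pw!r}: composition_ok={composition_ok(pw)} blocked_as={blocked_match(pw)}")
```

`Password!` satisfies the composition rule yet reduces to a blocklisted entry, while the long constructed passphrase fails the composition rule and matches nothing on the list.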

kao
On 4/24/2019 at 4:18 AM, Teddy Rogers said:

If you think a website is not worthy of a unique and strong password you may as well use a 10 minute throwaway email address to register - or a shared account.

Exactly! I think that throwaway email and a garbage password is a correct approach for garbage sites.

The problem is with media and so-called "researchers". They obtain SQL dumps of garbage sites and then run around screaming "Oh my god, people still use password "123456"!"

On 4/24/2019 at 4:18 AM, Teddy Rogers said:

The option shouldn't be left open for a person who values a site to risk losing it from using a weak password because there are other users out there that don't care what they use...

If a person values some website, he/she should use a strong password/2FA - it's common sense. Just like if you value your car, you'll put a car alarm and GPS tracker in it.

But in no way should car manufacturers demand installing GPS trackers "just because someone is stupid enough not to figure it out on his/her own".

Progman

Microsoft admits expiring-password rules are useless

"When humans are assigned or forced to create passwords that are hard to remember, too often they'll write them down where others can see them," Microsoft's Aaron Margosis wrote in a blog post Wednesday. Worse, Margosis wrote, when people are forced to change their passwords, too often they make a "small and predictable alteration to their existing password," or they'll just forget it. (Duh.)

https://www.cnet.com/news/microsoft-admits-expiring-password-rules-are-useless/
