An Illustration of the 500 Worst Passwords

[citation][nom]kikireeki[/nom]Could you please sort them in an alphabetical order?[/citation]

Not when you spell "asterisks" like "Astrix" they don't...

All old people will have to do is spell properly, then NONE LEET HAX0rZ will evr Ges ur pwd.
 
[citation][nom]HalJordan[/nom]Every time I come up with a great new password that is equally hard for someone else to guess, yet easy for me to remember I come across another system that won't allow certain characters to be used. So, I have a sheet of about 50 passwords hidden away. Which is a no-no for security, but who can easily remember 50 passwords made up of "Q&_t139erN_1" ?[/citation]

Agreed, I have passwords that range from 6 to 20 characters, some with numbers and/or symbols and/or underscores and/or capitals. Stupid inconsistencies.
 
[citation][nom]hellwig[/nom]Any password is safe enough if the stupid log-in system doesn't allow unlimited attempts to guess the password. Seriously, even something as simple as 123456789 might not be guessed if the person starts at 12345, and gets cut off after three guesses. Throw a random letter or other character in there anywhere and it will NEVER be guessed on a truly secure system. However, if your login system lets anyone guess passwords repeatedly with no count limit or mandatory wait period, then any password will be guessed, even if it's IOdfdf___23123__!@dffd_34232. Seriously, 3 tries and it locks the account for 5 minutes. 3 more and it's 30 minutes, etc., etc. My company pisses me off cause it makes us change passwords every 3 months. Seriously, 3 months, did they do a study and figure that after 3 months some hacker is getting close to guessing the password? Password security is a joke because people rely on the users to protect themselves. I don't recall 4-digit PIN numbers for ATM cards being a major security risk. You know why? After too many failed attempts, the machine TAKES THE FREAKING CARD and the bank locks out access to the account, no more guesses for mister criminal.[/citation]
If you ever work on the network administration part of the company, you'll understand the importance of minimum password requirements and length of time. While it will typically lock the user account out after a certain number of attempts, it doesn't hurt to have a few special characters, caps, numbers, etc. It's the IT department's job to make sure the network is as secure as possible because, while you may have a relatively complex password, most users would just as soon keep a password like "Password1" for years on end if they weren't required to change it.

Three months is also not that bad. By default I believe it's 45 days in a typical environment. I don't think it's all that tough to have to change your password 4 times a year in order to help ensure network security.

At least try to see it from a network admin's point of view. If someone gains access to the network using your account illegally, it's going to be the IT department that will answer for the intrusion, not you. I know a lot of the time IT guys can be dicks but sometimes we have our reasons 😉
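The escalating lockout hellwig describes (3 failed tries locks the account for 5 minutes, 3 more locks it for 30 minutes, and so on) can be written down as a small policy and then measured: how many guesses does an online attacker actually get per day against an account protected this way? The code below is an added illustration, not code from the thread or from any product mentioned in it. The schedule of 5 min, 30 min, 2 h is constructed; the post only gives the first two steps, so the 2-hour ceiling for "etc., etc." is an assumption. As in the ATM example, a correct password submitted while the account is locked is still refused, and a successful login after the lock expires resets the counters.

```python
from dataclasses import dataclass, field

# Constructed escalation schedule in seconds: 5 min, 30 min, then 2 h for every
# further lockout (the 2 h ceiling is an assumption; the post only states the
# first two steps).
LOCKOUT_SCHEDULE = (5 * 60, 30 * 60, 2 * 60 * 60)


@dataclass
class AccountState:
    failures: int = 0        # consecutive failures since the last lock or success
    lockouts: int = 0        # how many times this account has been locked in a row
    locked_until: float = 0.0  # monotonic timestamp; 0 means not locked


class LockoutPolicy:
    """Escalating account lockout: `threshold` failures trigger a lock whose
    duration climbs through `schedule` on each consecutive lockout."""

    def __init__(self, threshold=3, schedule=LOCKOUT_SCHEDULE):
        self.threshold = threshold
        self.schedule = schedule
        self.accounts = {}

    def attempt(self, user, password_ok, now):
        """Returns 'ok', 'denied' (wrong password) or 'locked'.

        `now` is a timestamp in seconds supplied by the caller so the policy is
        deterministic and easy to simulate."""
        st = self.accounts.setdefault(user, AccountState())
        if now < st.locked_until:
            # Locked accounts refuse every attempt, even a correct password,
            # so a guesser cannot tell a lock from a wrong guess.
            return "locked"
        if password_ok:
            st.failures = 0
            st.lockouts = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.threshold:
            step = min(st.lockouts, len(self.schedule) - 1)
            st.locked_until = now + self.schedule[step]
            st.lockouts += 1
            st.failures = 0
            return "locked"
        return "denied"


def guesses_allowed(window_seconds, threshold=3, schedule=LOCKOUT_SCHEDULE):
    """Simulate an attacker who guesses wrong every time as fast as the policy
    allows, and count how many guesses fit into `window_seconds`."""
    policy = LockoutPolicy(threshold, schedule)
    t = 0.0
    guesses = 0
    while t < window_seconds:
        st = policy.accounts.get("victim")
        if st and t < st.locked_until:
            t = st.locked_until  # wait out the lock, then keep guessing
            continue
        policy.attempt("victim", False, t)
        guesses += 1
    return guesses


if __name__ == "__main__":
    day = 24 * 60 * 60
    print("guesses per day with escalating lockout:", guesses_allowed(day))
    # A huge threshold models a login form with no limit at all: the number
    # of guesses is then bounded only by how fast the server answers.
```

With the schedule above an online guesser gets 42 attempts per day, which is why a short, merely unguessable password survives an online attack but not an offline one where the hash has been stolen and nothing rate-limits the guesses.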
 
[citation][nom]Honis[/nom]President Skroob: Did it work? Where's the king?
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.
Dark Helmet, Colonel Sandurz: [looks at each other][/citation]

Lol, that is exactly what I was thinking when I was reading through those.
 
or have the same base password and salt the password for whatever site you go to...

say your base password was password (although I am not suggesting it)

make two letters capital, let's say it is now PassWord
make two letters special characters, and now it's P@s$Word
make two letters into numbers, and now it is P@5$W0rd
and then salt from there, so say you log onto facebook; add the initials of the page to your password so it is now "P@5$W0rd-fb"

now you only have to remember your base password and obviously you know the site/account you are going to...

salting can be fun and secure... 😛
 
[citation][nom]mrface[/nom]or have the same base password and salt the password for whatever site you go to... say your base password was password (although I am not suggesting it). make two letters capital, let's say it is now PassWord. make two letters special characters, and now it's P@s$Word. make two letters into numbers, and now it is P@5$W0rd. and then salt from there, so say you log onto facebook; add the initials of the page to your password so it is now "P@5$W0rd-fb". now you only have to remember your base password and obviously you know the site/account you are going to... salting can be fun and secure...[/citation]
I like this too. Sometimes I forget things, so this has helped me access my stuff... Did I mention that I sometimes forget things?
 
The problem with forcing users to change their passwords every 45 days or even 3 months is that users will just end up writing their passwords down on post-it notes on their monitor. I would personally have trouble remembering my password if I had to change it every month and a half. I don't mind having strict requirements such as minimum length, special chars, caps, numbers, etc, as long as I don't have to remember a new obscure password all the time.
 
[citation][nom]visa[/nom]By default I believe it's 45 days in a typical environment. I don't think it's all that tough to have to change your password 4 times a year in order to help ensure network security. At least try to see it from a network admin's point of view. If someone gains access to the network using your account illegally, it's going to be the IT department that will answer for the intrusion, not you. I know a lot of the time IT guys can be dicks but sometimes we have our reasons[/citation]
You don't explain how keeping a password for any length of time is insecure. What is the risk of using a password for more than 45 days, 3 months, or even 1 year? If passwords are insecure after 45 days, they are insecure as soon as you create them. If the risk is people giving away these passwords, that risk is always present, and as gm0n3y mentioned, making people change their password all too often only causes them to use less secure passwords, or worse, write them on a sticky and put them on their monitor.

Minimum password restrictions are one thing (and they are beneficial), but if I already select a 16-character password with a minimum of 2 uppercase characters, 2 numbers, and 2 non-alphanumeric characters, what's the risk if I want to use that same password for a year? I doubt anyone can argue that a password becomes less secure after 45 days, simply because the dangers to password security exist from day 1.

I think password expirations are hold-overs of an old wives' tale. Someone, decades ago, thought it might be more secure to force people to change their passwords. No one ever bothered to figure out if it was actually beneficial or not, but IT still requires it because no one questions convention. Seriously, what happens after 45, 90, 180 days that makes my password any less secure?
 
The only reason I can understand changing passwords is to protect against disgruntled former employees. Obviously you need to change/remove their login for any computers they have access to, but they also often have their coworkers' u/p.
 
A description of Microsoft's best practices regarding passwords:

http://technet.microsoft.com/en-us/library/cc784090%28WS.10%29.aspx

To paraphrase from the password age section:

"Define the Maximum password age policy setting so that passwords expire as often as necessary for your environment, typically, every 30 to 90 days. With this policy setting, if an attacker cracks a password, the attacker only has access to the network until the password expires."

In a perfect world, everyone would use 16 character, ridiculously complex passwords. People don't.

Like I said before, this is what you call "best practices". I deal with small to medium businesses so inherently, most of them do not follow best practices with passwords and they haven't run into any issues over the years (that we're aware of). In a larger, corporate environment, it becomes more and more important to follow these standards.
 
"the attacker only has access to the network until the password expires."

Ok, this makes some sense. But there has to be diminishing returns when forcing people to change them frequently. I have a bad memory and if I had to change my password more than say twice a year, I'd have to write it down, especially if it's complex. I'd also be more likely to make it less complex to make it easier to remember.

As to people not having complex passwords, force them to (min 12 characters, containing uppercase, lowercase, symbols and numbers). If you have to, create the passwords for them (I've worked at a company where this was the case).
 
If you are prone to forget a password soon after you change it then make sure that you never change your password on a Friday and that you log in using that password at least three times before you go home. Also, when you are asked to change your password you don't need an entirely different password. Just change one character/number/letter.
 