The Most Popular Password


Lucky

Posted

Recently a hacker broke into a software site called RockYou, and, as a result, researchers were given an inside look at 32 million passwords. The most common one? 123456. Second most common: 12345. Silly, huh? Hackers can easily figure out most passwords, but people simply don't care.

 

The third most popular password is 1234567689. To see if yours is on the list of the 32 most popular passwords, or, to read more, click here:

 

http://www.nytimes.com/2010/01/21/technology/21password.html?hp

Guest greatness
Posted

oh my

 

Thanks! My password is very complicated; sometimes I can't remember it. :)

Posted

My dog's name used to be my password on every account I have. Then he passed away a few months ago and I had to change it on every account. Typing his name in every day was too much of a painful reminder that he was gone.

Posted

Pet names as passwords should be avoided anyway. People who know you (or observe you talking about your pet on message boards) might guess it.

Posted

One of my friends called me in a panic this morning. She asked me to destroy a check that she had given me on Saturday. Her Facebook account was somehow compromised. All of her Facebook friends got a message saying that she was in London and needed money to get home. She deleted her Facebook account and thought that was the end of her problem. Then she realized that her password for her online banking account was the same as her Facebook account. Need I say more? Fortunately, her bank accounts hadn't been compromised. Unfortunately, she has to close all of her accounts. (In these days of direct deposit and automatic payments that's got to be a nightmare.)

 

I use different passwords for different situations. My online accounts (for things like online banking, etc.) have very complicated passwords. I change them every six months or so. I'm not on Facebook, but I do participate on several message boards. While those passwords aren't as complicated, I change them once or twice a year.

Posted

I must have 80 different internet sites that need passwords - can't possibly remember them all, so I'm using the same password for any new site. Plus about 8 different passwords at work that must be changed at least every six months - I'm running out of new passwords. Most of the ones at work must be 8 digits, with capitals, numbers, and special characters, too.

Guest greatness
Posted

Congratulations!

 

I wish you a great time here! :)

 

Wow! My 100th post since I rejoined. Just about once every month.
Posted

It is, of course, easier to type numbers or letters in a row, e.g. 12345, than to use an actual word, and you are less likely to make a mistake. This is especially true for those of us who are not great typists. This article, bringing it to the attention of the potential hackers, makes it more important not to use the ones listed in the articles. However, if you start with some number other than "one", or some letter other than the end of the line, it probably does not make much difference. It is not much easier to guess ghjk, for instance, than to guess an actual word.

Posted

I never understood why we're supposed to change our passwords every six months (or however frequently). If the account only needs to be cracked once in order to allow nefarious activity, what good does changing the password do? Almost seems to me that would increase its likelihood to be guessed. Now of course if an account has been breached I can see the urgency to change.

 

Kevin Slater

Guest LatinoRican
Posted

Deja vu...

 

About two weeks ago, I also received an email from a good friend saying that he was vacationing in London and needed money urgently as all his documents and credit cards had been stolen. The tone of the communication was so formal, that I knew it could not be him. Needless to say, I sent no money as it turned out to be a scam from someone who broke into one of his accounts.

Posted

Passwords...

 

The most common one? 123456 Second most common: 12345. Silly, huh? Hackers can easily figure out most passwords, but people simply don't care.

 

The third most popular password is 1234567689. To see if yours is on the list of the 32 most popular passwords.....

 

Recently I opened a new account and was asked to create a password. The manager suggested that I not use my birth date, last 4 digits of my SS#, or my zip code... Well, there went my first 3 choices... and I thought I was so clever. :rolleyes:

Posted

I use several different passwords or variations on a password, and try to keep them written down on a list by the computer. Most sites let you try to enter at least three times, so if I have misremembered the word, I try one of the variations, or one of my other most common passwords. Except for my bank account, however, I wouldn't care if someone else got into most of my personal sites. All my passwords are mixes of letters and numbers that wouldn't make sense to most people (Hooboy himself gave me that idea when I first got on the Internet, because this was the first site I ever entered that required a password).

Posted

Bank of America, for all their faults, has a SafePass method of signing in. You need your password, then check if your sitekey is the one you chose, and, optionally, ask for a SafePass to be sent to your mobile phone. You then must type that number in as well. So, a thief would not just need your password, he needs your cellphone too.

Posted

passwords

 

I don't know if there's a way to change your password on THIS site..I haven't spent any time trying to - but I suppose using the one that was sent can be called a 'feature' now. If some hacker gets into this site, the user id/pwd combo would be useless elsewhere. Daddy takes care of us!

 

J.

Posted
It is, of course, easier to type numbers or letters in a row, e.g. 12345, than to use an actual word, and you are less likely to make a mistake. This is especially true for those of us who are not great typists. This article, bringing it to the attention of the potential hackers, makes it more important not to use the ones listed in the articles. However, if you start with some number other than "one", or some letter other than the end of the line, it probably does not make much difference. It is not much easier to guess ghjk, for instance, than to guess an actual word.

 

This article did absolutely nothing to "bring it to the attention" of potential hackers. They were there long before anyone used any of the passwords listed. And they've already got automatic cracking programs that detect a series that starts on a different key or letter, or typing with your hands "one off" on the keyboard.

 

I never understood why we're supposed to change our passwords every six months (or however frequently). If the account only needs to be cracked once in order to allow nefarious activity, what good does changing the password do? Almost seems to me that would increase its likelihood to be guessed. Now of course if an account has been breached I can see the urgency to change.

 

Password cracking algorithms often take weeks to successfully crack a password. The longer you leave a password in place, the more likely they'll crack it eventually. Changing it regularly reduces the window of vulnerability. It does them no good to finally crack a password that's no longer used.

 

Bank of America, for all their faults, has a SafePass method of signing in. You need your password, then check if your sitekey is the one you chose, and, optionally, ask for a SafePass to be sent to your mobile phone. You then must type that number in as well. So, a thief would not just need your password, he needs your cellphone too.

 

That's closer to the security "holy grail":

 

* Something you know (a PIN, for example)

* Something you have (a card)

* Something you are (a fingerprint)

* Human verification that the fingerprint isn't from a severed hand
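
As an added example (not part of the original post, and not any real cracking tool's logic): the point above, that a series starting on a different key is no harder to detect, can be turned into a sign-up-time check. The US QWERTY layout, the 0.75 threshold and the function names are assumptions; the two listed passwords are the ones quoted in this thread, and passing this check does not by itself make a password strong.

```python
# Added example: flag passwords that are mostly a walk along a keyboard row,
# the digit row or the alphabet, whichever key the walk starts on.

KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # US QWERTY (assumed)
LINES = KEY_ROWS + ["abcdefghijklmnopqrstuvwxyz"]

# The two most common passwords quoted in this thread; a real deployment
# would load a full breached-password list instead of this tiny set.
COMMON = {"123456", "12345"}

# Every unordered pair of characters that sit next to each other on some line.
NEIGHBOURS = {frozenset(pair) for line in LINES for pair in zip(line, line[1:])}


def walk_ratio(password):
    """Fraction of adjacent character pairs that are neighbours or repeats."""
    pw = password.lower()
    pairs = list(zip(pw, pw[1:]))
    if not pairs:
        return 0.0
    hits = sum(1 for a, b in pairs
               if a == b or frozenset((a, b)) in NEIGHBOURS)
    return hits / len(pairs)


def weakness(password, threshold=0.75):
    """Return a reason string if the password is trivially guessable, else None."""
    if password.lower() in COMMON:
        return "on common-password list"
    if len(password) >= 3 and walk_ratio(password) >= threshold:
        return "keyboard or alphabet walk"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, plus strings quoted in the thread.
    for candidate in ["123456", "234567", "ghjk", "1234567689", "violet-Kettle-42"]:
        print(f"{candidate!r}: {weakness(candidate)}")
```

Direction does not matter because neighbours are stored as unordered pairs, so a row typed right to left is flagged as well.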

Posted

I've come up with a "formula" of sorts that uses both letters and numbers that I'm able to customize to each place I use it.

 

While the "formula" remains the same, the letters and/or numbers change based on that particular site and/or business.

 

This makes it very easy for me to remember my passwords. And even if someone did somehow get one of my passwords, they would not be able to use it elsewhere or figure out the other passwords.

Posted

That's closer to the security "holy grail":

 

1) Something you know (a PIN, for example)

2) Something you have (a card)

3) Something you are (a fingerprint)

4) Human verification that the fingerprint isn't from a severed hand

 

Close, but no cigar, deej. I assure you that, long before it got down to #4, I would have given up whatever the bad guys wanted. :eek:

Posted
Close, but no cigar, deej. I assure you that, long before it got down to #4, I would have given up whatever the bad guys wanted. :eek:

 

It's called the holy grail because nobody will ever have it. :rolleyes:

Posted
I never understood why we're supposed to change our passwords every six months (or however frequently). If the account only needs to be cracked once in order to allow nefarious activity, what good does changing the password do? Almost seems to me that would increase its likelihood to be guessed. Now of course if an account has been breached I can see the urgency to change.
Password cracking algorithms often take weeks to successfully crack a password. The longer you leave a password in place, the more likely they'll crack it eventually. Changing it regularly reduces the window of vulnerability. It does them no good to finally crack a password that's no longer used.

 

I'm sure I'm being dense here, but how can they crack my password in anything but real time? If they go to my bank's website and try 123456, then 123457, etc., it either works or it doesn't, right? The bank isn't going to tell them "yeah, that was it three weeks ago." I don't understand how it's anything but a real-time match between my current password and their current attempt, at which time my funds are pilfered. I don't understand in this instance how it's harder to hit a moving target than a static one. Aren't I just as likely to change it to their next guess as away from it?

 

Kevin Slater

Posted

Given that finding your password is a process of elimination, they eliminate many possibilities as time goes on. A static password becomes vulnerable as more possibilities are eliminated. With a new password, the hackers have to start from scratch.

Posted
Given that finding your password is a process of elimination, they eliminate many possibilities as time goes on. A static password becomes vulnerable as more possibilities are eliminated. With a new password, the hackers have to start from scratch.

 

Thanks, but I still don't get it. By that logic, I'm only safer if I switch to a more obvious password that they've already tried and eliminated, 123456 for instance. They can't tell when I change my password, so they don't know they have to start from scratch. Or what's the advantage to one untested password over another? If they've yet to try bunnyfarts why am I better off changing to poodlefisting?

 

I really am trying to understand here, but I get the feeling that like eliminating liquid carry-ons and taking off my shoes at an airport, this is a security measure that we all adhere to but doesn't stand up to logic.

 

Kevin Slater

Archived

This topic is now archived and is closed to further replies.
