RockYou Hack Reveals the Worst 20 Passwords
-
Repost
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001where is the beef?
Yusuf May I help you?
-
from the article: By far, the most popular password on the site was "123456," apparently satisfying a minimum character limit on the site's password restrictions, but doing little for security. A full 290,731 users used this password, far more than the runner-up, the slightly less complex "12345, which attracted 79,078 uses. clickty[^] I have learned a simple trick to create mid-to-strong password by simple substitution. Let us take "codeproject" as case example, it goes as follows - first let us capitalize some letters => CodeProject - substitute "o" with "0" => C0deProject - upper case e (E) can be imagined as mirror image of 3 => C0d3Pr0j3ct - let us sprinkle some chars (SHIFT 3 = # on the US layout keyboard) => C0d#Pr0j#ct - Finally P can be imagines as mirror image of 9 => C0d#9r0j#ct So we went from codeproject => C0d#9r0j#ct and I can use Code Project as my password hint. :cool: The cool part is there is no limit to the imagination and the resulting password can be as close as random characters. How do you create your password?
Yusuf May I help you?
Yusuf wrote:
I have learned a simple trick to create mid-to-strong password by simple substitution.
I hope you don't foresee a patent on this method. :laugh:
-
from the article: By far, the most popular password on the site was "123456," apparently satisfying a minimum character limit on the site's password restrictions, but doing little for security. A full 290,731 users used this password, far more than the runner-up, the slightly less complex "12345, which attracted 79,078 uses. clickty[^] I have learned a simple trick to create mid-to-strong password by simple substitution. Let us take "codeproject" as case example, it goes as follows - first let us capitalize some letters => CodeProject - substitute "o" with "0" => C0deProject - upper case e (E) can be imagined as mirror image of 3 => C0d3Pr0j3ct - let us sprinkle some chars (SHIFT 3 = # on the US layout keyboard) => C0d#Pr0j#ct - Finally P can be imagines as mirror image of 9 => C0d#9r0j#ct So we went from codeproject => C0d#9r0j#ct and I can use Code Project as my password hint. :cool: The cool part is there is no limit to the imagination and the resulting password can be as close as random characters. How do you create your password?
Yusuf May I help you?
Haven't read the article (because it took so long to load that I got bored and went away), but to be honest any site which stores a password in any form other than one-way encrypted or SHA hashed is not one I realy want to visit.
All those who believe in psycho kinesis, raise my hand.
-
Yusuf wrote:
I have learned a simple trick to create mid-to-strong password by simple substitution.
I hope you don't foresee a patent on this method. :laugh:
-
Haven't read the article (because it took so long to load that I got bored and went away), but to be honest any site which stores a password in any form other than one-way encrypted or SHA hashed is not one I realy want to visit.
All those who believe in psycho kinesis, raise my hand.
The article doesn't actually say that they don't. Given the passwords, the list could have been constructed by a bot hacking accounts with a bot using a dictionary attack, but I suspect your assumption that they just stored the passwords either clear text or with reversible encryption is correct. 5 for the observation, which I heartily agree with.
-
Haven't read the article (because it took so long to load that I got bored and went away), but to be honest any site which stores a password in any form other than one-way encrypted or SHA hashed is not one I realy want to visit.
All those who believe in psycho kinesis, raise my hand.
OriginalGriff wrote:
any site which stores a password in any form other than one-way encrypted or SHA hashed is not one I realy want to visit.
With at least one exception, I suppose? Hint: Code Project ;)
My .NET Business Application Framework My Home Page My Younger Son & His "PET"
-
The article doesn't actually say that they don't. Given the passwords, the list could have been constructed by a bot hacking accounts with a bot using a dictionary attack, but I suspect your assumption that they just stored the passwords either clear text or with reversible encryption is correct. 5 for the observation, which I heartily agree with.
-
from the article: By far, the most popular password on the site was "123456," apparently satisfying a minimum character limit on the site's password restrictions, but doing little for security. A full 290,731 users used this password, far more than the runner-up, the slightly less complex "12345, which attracted 79,078 uses. clickty[^] I have learned a simple trick to create mid-to-strong password by simple substitution. Let us take "codeproject" as case example, it goes as follows - first let us capitalize some letters => CodeProject - substitute "o" with "0" => C0deProject - upper case e (E) can be imagined as mirror image of 3 => C0d3Pr0j3ct - let us sprinkle some chars (SHIFT 3 = # on the US layout keyboard) => C0d#Pr0j#ct - Finally P can be imagines as mirror image of 9 => C0d#9r0j#ct So we went from codeproject => C0d#9r0j#ct and I can use Code Project as my password hint. :cool: The cool part is there is no limit to the imagination and the resulting password can be as close as random characters. How do you create your password?
Yusuf May I help you?
I use A real simple forty-two character password
Need custom software developed? I do custom programming based primarily on MS tools with an emphasis on C# development and consulting. A man said to the universe: "Sir I exist!" "However," replied the universe, "The fact has not created in me A sense of obligation." --Stephen Crane
-
from the article: By far, the most popular password on the site was "123456," apparently satisfying a minimum character limit on the site's password restrictions, but doing little for security. A full 290,731 users used this password, far more than the runner-up, the slightly less complex "12345, which attracted 79,078 uses. clickty[^] I have learned a simple trick to create mid-to-strong password by simple substitution. Let us take "codeproject" as case example, it goes as follows - first let us capitalize some letters => CodeProject - substitute "o" with "0" => C0deProject - upper case e (E) can be imagined as mirror image of 3 => C0d3Pr0j3ct - let us sprinkle some chars (SHIFT 3 = # on the US layout keyboard) => C0d#Pr0j#ct - Finally P can be imagines as mirror image of 9 => C0d#9r0j#ct So we went from codeproject => C0d#9r0j#ct and I can use Code Project as my password hint. :cool: The cool part is there is no limit to the imagination and the resulting password can be as close as random characters. How do you create your password?
Yusuf May I help you?
Just how important is a very secure password when the site you are using gets hacked and exposes your PW in plain-text?
Need custom software developed? I do custom programming based primarily on MS tools with an emphasis on C# development and consulting. A man said to the universe: "Sir I exist!" "However," replied the universe, "The fact has not created in me A sense of obligation." --Stephen Crane
-
from the article: By far, the most popular password on the site was "123456," apparently satisfying a minimum character limit on the site's password restrictions, but doing little for security. A full 290,731 users used this password, far more than the runner-up, the slightly less complex "12345, which attracted 79,078 uses. clickty[^] I have learned a simple trick to create mid-to-strong password by simple substitution. Let us take "codeproject" as case example, it goes as follows - first let us capitalize some letters => CodeProject - substitute "o" with "0" => C0deProject - upper case e (E) can be imagined as mirror image of 3 => C0d3Pr0j3ct - let us sprinkle some chars (SHIFT 3 = # on the US layout keyboard) => C0d#Pr0j#ct - Finally P can be imagines as mirror image of 9 => C0d#9r0j#ct So we went from codeproject => C0d#9r0j#ct and I can use Code Project as my password hint. :cool: The cool part is there is no limit to the imagination and the resulting password can be as close as random characters. How do you create your password?
Yusuf May I help you?
Yusuf wrote:
How do you create your password?
Take a poem, song lyric, quote, etc, and use the first letter from each word. You can get 20-30 characters easy. That other stuff is just too hard to remember.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
-
I have the free version but the generated passwords are hard to remember. By the way who am I :confused:
-
Just how important is a very secure password when the site you are using gets hacked and exposes your PW in plain-text?
Need custom software developed? I do custom programming based primarily on MS tools with an emphasis on C# development and consulting. A man said to the universe: "Sir I exist!" "However," replied the universe, "The fact has not created in me A sense of obligation." --Stephen Crane
Ennis Ray Lynch, Jr. wrote:
Just how important is a very secure password when the site you are using gets hacked and exposes your PW in plain-text?
Well said.
Yusuf May I help you?
-
I've read a few more articles about the breach. Plaintext passwords in the DB and a simple SQL injection attack were involved.
3x12=36 2x12=24 1x12=12 0x12=18
Oooo! I love the smell of professionalism in the morning!
All those who believe in psycho kinesis, raise my hand.
-
Haven't read the article (because it took so long to load that I got bored and went away), but to be honest any site which stores a password in any form other than one-way encrypted or SHA hashed is not one I realy want to visit.
All those who believe in psycho kinesis, raise my hand.
even if they are hashed, you can find out who uses "123456" by generating the hash for "123456" and finding the matches in your list of hashed pwds.
-
even if they are hashed, you can find out who uses "123456" by generating the hash for "123456" and finding the matches in your list of hashed pwds.
Good point!
All those who believe in psycho kinesis, raise my hand.
-
I have the free version but the generated passwords are hard to remember. By the way who am I :confused:
djj55 wrote:
By the way who am I
Tonight on America's Dumbest Criminals, we deal with Identity theft. My name's ...????
"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
Good point!
All those who believe in psycho kinesis, raise my hand.
-
from the article: By far, the most popular password on the site was "123456," apparently satisfying a minimum character limit on the site's password restrictions, but doing little for security. A full 290,731 users used this password, far more than the runner-up, the slightly less complex "12345, which attracted 79,078 uses. clickty[^] I have learned a simple trick to create mid-to-strong password by simple substitution. Let us take "codeproject" as case example, it goes as follows - first let us capitalize some letters => CodeProject - substitute "o" with "0" => C0deProject - upper case e (E) can be imagined as mirror image of 3 => C0d3Pr0j3ct - let us sprinkle some chars (SHIFT 3 = # on the US layout keyboard) => C0d#Pr0j#ct - Finally P can be imagines as mirror image of 9 => C0d#9r0j#ct So we went from codeproject => C0d#9r0j#ct and I can use Code Project as my password hint. :cool: The cool part is there is no limit to the imagination and the resulting password can be as close as random characters. How do you create your password?
Yusuf May I help you?
Don't forget to include a couple of :-) in you pwd. (or :-( for your online banking).
-
Yusuf wrote:
How do you create your password?
Take a poem, song lyric, quote, etc, and use the first letter from each word. You can get 20-30 characters easy. That other stuff is just too hard to remember.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
Passwords are just a giant PITA tho. It bugs me that just about any site or organisation I go to that requests I use a password, all have a completely different policy on how the password is composed, some accept all alphanumeric characters, some don't, some specify a number at the start of the string, others at the end, it leads me to having a multitude of passwords, that, more often than not, I have to go through the rigmarole of resetting a password everytime I visit a site, because I cant remember the exact sequence of characters for that specific sites password. Now surely that is defeating the object of having a password in the first place. With that in mind, you can see why some people just use strings like "123456" as at least it is easy to remember. I wish someone would invent another way to protect access to your stuff on line.....
-
even if they are hashed, you can find out who uses "123456" by generating the hash for "123456" and finding the matches in your list of hashed pwds.
