RockYou Hack Reveals the Worst 20 Passwords
-
from the article: By far, the most popular password on the site was "123456," apparently satisfying a minimum character limit on the site's password restrictions, but doing little for security. A full 290,731 users used this password, far more than the runner-up, the slightly less complex "12345," which attracted 79,078 uses. clickty
I have learned a simple trick to create a mid-to-strong password by simple substitution. Let us take "codeproject" as case example, it goes as follows:
- first let us capitalize some letters => CodeProject
- substitute "o" with "0" => C0deProject
- upper case e (E) can be imagined as mirror image of 3 => C0d3Pr0j3ct
- let us sprinkle some chars (SHIFT 3 = # on the US layout keyboard) => C0d#Pr0j#ct
- Finally P can be imagined as mirror image of 9 => C0d#9r0j#ct
So we went from codeproject => C0d#9r0j#ct and I can use Code Project as my password hint. :cool: The cool part is there is no limit to the imagination and the resulting password can be as close as random characters. How do you create your password?
Yusuf May I help you?
I've been thinking, for quite some time, on coming up with an algorithm to generate passwords on the spot for any site that would satisfy a few requirements:
1. MUST be simple enough to do in my head (or it will be unusable)
2. Changes predictably from site to site for someone who knows the details of the algorithm (which would be only myself)
   a. Includes components from the name of the website (ensures different passwords for different sites)
   b. Includes a random element (my master password, if you will) to ensure that even if someone knew the algorithm, they would still be missing a crucial piece to generate the password
3. Includes some sort of serialization; in the event that I need to change a password, I could generate using the next password off of a set iteration technique
4. Meets standard best password techniques (mixes of upper- and lower-case letters, numbers, and symbols); but is flexible enough to drop one or more of these if the site does not allow them
5. Ditto for password length
6. Can predict the stock market and alter reality, and will cause me to be chased by various governmental agencies and religious societies who want to use the algorithm for various unspecified nefarious or not-so-nefarious purposes.
Any suggestions?
-
I've read a few more articles about the breach. Plaintext passwords in the DB and a simple SQL injection attack were involved.
3x12=36 2x12=24 1x12=12 0x12=18
-
Ah, you mean in terms of auditing "weak" passwords, and not in terms of trying to hack into a system...
In terms of both. It won't get you a specific victim's account, but testing every user's password against the idiot list will let you access a large number of random accounts. Depending on what sort of mischief you're up to that may be sufficient.
3x12=36 2x12=24 1x12=12 0x12=18
-
Yusuf wrote:
How do you create your password? Yusuf
I like to create passwords using phonetic replacement so take a phrase like:
All men are created equal
This would become something like:
@m3nRCr8ted=
even if someone knows the 'gist' of the password (like for instance your pet's name or something) it makes it much more difficult to guess. I like mathematical and boolean operators too, like:
power to the people ^2dPpl
Candy Apple K&&3@pl
-B
-
200,000 users have now changed their password to C0d#9r0j#ct, with a hint that is a link to this thread. :laugh:
hmmm, it'll be the 1 password in dictionary.
Yusuf May I help you?
-
Think of a sentence that you can easily remember, and enter the first letter of every word in caps then finish off by adding something like: $j1
-
I let RoboForm choose a truly random password for me. Unfortunately, any semi-mechanical system such as you've outlined makes it easier to attack. There are tools out there right now that will take a list of dictionary words and transform them into l33tSp34k. While that increases the password-space by 3 or 4 times, that's nowhere near a random password, in which all possible combinations have to be tried. Note: I'm not associated with RoboForm, just a satisfied customer.
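The point about mechanical substitutions, seen from the defending side: a signup-time check that undoes leetspeak before comparing a new password against a denylist. This is an added example, not part of the original post; the mappings beyond the thread's own substitutions, the `DENYLIST` contents and the function names are assumptions.

```python
from itertools import islice, product

# Reverse substitutions. The first four undo the thread's example
# (o->0, e->3, 3->#, P->9); the rest are common additions (assumption).
REVERSE = {
    "0": "o", "3": "e", "#": "e", "9": "p",
    "@": "a", "4": "a", "$": "s", "5": "s", "7": "t",
    "1": "il",  # ambiguous: may stand for i or l
}
MAX_CANDIDATES = 4096  # bound the expansion for long, symbol-heavy input


def base_candidates(password):
    """Return the plain strings a password could be a leetspeak form of."""
    lowered = password.lower()
    # Each position contributes its possible plain letters (itself if unmapped).
    options = [REVERSE.get(ch, ch) for ch in lowered]
    expanded = ("".join(p) for p in product(*options))
    return {lowered, *islice(expanded, MAX_CANDIDATES)}


def denylist_match(password, denylist):
    """Return the denylisted word this password reduces to, or None."""
    hits = base_candidates(password) & denylist
    return min(hits) if hits else None


# Constructed sample denylist: the two top passwords quoted from the
# article, plus words a signup form for this site would reasonably block.
DENYLIST = {"123456", "12345", "codeproject", "password"}

if __name__ == "__main__":
    # Constructed sample inputs, including the thread's own example.
    for pw in ["123456", "C0d#9r0j#ct", "P@55w0rd", "x7!Lq2#vRk0z"]:
        print(f"{pw!r:16} -> {denylist_match(pw, DENYLIST)}")
```

A password that reduces to a denylisted word would be rejected at registration; the random-looking fourth sample passes because no reversal of it lands on a listed word.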
-
your hint is: "There are only 10 kinds of programmers. Those who get it, and those who do not."
3x12=36 2x12=24 1x12=12 0x12=18
Dan Neely wrote:
your hint is: "There are only 10 kinds of programmers. Those who get it, and those who do not." 3x12=36 2x12=24 1x12=12 0x12=18
Loved your hint! Had me LOL. I guess that's because I'm the 11th type of programmer, the type that gets it.
How many bugs can one line of code have?! --- Adar Wesley