32 million passwords exposed. Most popular....123456

Story here..

Top 10 most used passwords:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

How the heck did rockyou get in there???

So how strong is your doper password? Mine actually falls into the majority, with only lower case, 6 characters (but not a word in any language), the same password I use for most low-security login sites. Stuff that would cause real damage if it got breached, such as Gmail and my bank account, gets the upper/lower/number/! treatment.

Seriously folks, there’s no good reason not to have a strong password (at the minimum, it should not be a word!). I work in IT, so I see lots of stupid passwords, and I’ve even correctly guessed them before. And half the time, it’s written on a post-it somewhere within view of the monitor.

My password I use for everything is one of four variations that all include: my middle school id number, four digits of my first phone number as a kid, and a random letter or two.

Yeah, a lot of my coworkers in the past have used their children’s names as passwords. Or pets.

Mine is a random array of lowercase, caps, and numbers. I’ve been using variants of it since college.

A friend of mine advises creating a “key” that you’ll always remember: he uses two or three letters and a number. And then, when you write your password down, write 56 99 ABC or whatever. So the whole password is never written, and you are the only one who knows your key, which is inserted into the “99” space. Apparently, when he was in the military in the UK 30+ years ago, that’s how they did it? Or something like that.

I have two completely unrelated words, with several character substitutions. Pretty strong, I’d guess (although I’ve been using it for a LONG time, and it’s probably getting a bit worn around the edges).

The breach was for rockyou.com.

I’m curious about the graph near the top of the article linked by the OP. What does the distribution of upper case, lower case, numeric, and special characters in a password have to do with its length?

Also, from an older source (Mark Burnett’s 2005 book “Perfect Passwords: Selection, Protection, Authentication”), here’s a table of the “Top 500 Worst Passwords Of All Time”:


N	Top 1-100	Top 101–200	Top 201–300	Top 301–400	Top 401–500
1	123456		porsche		firebird	prince		rosebud
2	password	guitar		butter		beach		jaguar
3	12345678	chelsea		united		amateur		great
4	1234		black		turtle		7777777		cool
5	pussy		diamond		steelers	muffin		cooper
6	12345		nascar		tiffany		redsox		1313
7	dragon		jackson		zxcvbn		star		scorpio
8	qwerty		cameron		tomcat		testing		mountain
9	696969		654321		golf		shannon		madison
10	mustang		computer	bond007		murphy		987654
11	letmein		amanda		bear		frank		brazil
12	baseball	wizard		tiger		hannah		lauren
13	master		xxxxxxxx	doctor		dave		japan
14	michael		money		gateway		eagle1		naked
15	football	phoenix		gators		11111		squirt
16	shadow		mickey		angel		mother		stars
17	monkey		bailey		junior		nathan		apple
18	abc123		knight		thx1138		raiders		alexis
19	pass		iceman		porno		steve		aaaa
20	fuckme		tigers		badboy		forever		bonnie
21	6969		purple		debbie		angela		peaches
22	jordan		andrea		spider		viper		jasmine
23	harley		horny		melissa		ou812		kevin
24	ranger		dakota		booger		jake		matt
25	iwantu		aaaaaa		1212		lovers		qwertyui
26	jennifer	player		flyers		suckit		danielle
27	hunter		sunshine	fish		gregory		beaver
28	fuck		morgan		porn		buddy		4321
29	2000		starwars	matrix		whatever	4128
30	test		boomer		teens		young		runner
31	batman		cowboys		scooby		nicholas	swimming
32	trustno1	edward		jason		lucky		dolphin
33	thomas		charles		walter		helpme		gordon
34	tigger		girls		cumshot		jackie		casper
35	robert		booboo		boston		monica		stupid
36	access		coffee		braves		midnight	shit
37	love		xxxxxx		yankee		college		saturn
38	buster		bulldog		lover		baby		gemini
39	1234567		ncc1701		barney		cunt		apples
40	soccer		rabbit		victor		brian		august
41	hockey		peanut		tucker		mark		3333
42	killer		john		princess	startrek	canada
43	george		johnny		mercedes	sierra		blazer
44	sexy		gandalf		5150		leather		cumming
45	andrew		spanky		doggie		232323		hunting
46	charlie		winter		zzzzzz		4444		kitty
47	superman	brandy		gunner		beavis		rainbow
48	asshole		compaq		horney		bigcock		112233
49	fuckyou		carlos		bubba		happy		arthur
50	dallas		tennis		2112		sophie		cream
51	jessica		james		fred		ladies		calvin
52	panties		mike		johnson		naughty		shaved
53	pepper		brandon		xxxxx		giants		surfer
54	1111		fender		tits		booty		samson
55	austin		anthony		member		blonde		kelly
56	william		blowme		boobs		fucked		paul
57	daniel		ferrari		donald		golden		mine
58	golfer		cookie		bigdaddy	0		king
59	summer		chicken		bronco		fire		racing
60	heather		maverick	penis		sandra		5555
61	hammer		chicago		voyager		pookie		eagle
62	yankees		joseph		rangers		packers		hentai
63	joshua		diablo		birdie		einstein	newyork
64	maggie		sexsex		trouble		dolphins	little
65	biteme		hardcore	white		0		redwings
66	enter		666666		topgun		chevy		smith
67	ashley		willie		bigtits		winston		sticky
68	thunder		welcome		bitches		warrior		cocacola
69	cowboy		chris		green		sammy		animal
70	silver		panther		super		slut		broncos
71	richard		yamaha		qazwsx		8675309		private
72	fucker		justin		magic		zxcvbnm		skippy
73	orange		banana		lakers		nipples		marvin
74	merlin		driver		rachel		power		blondes
75	michelle	marine		slayer		victoria	enjoy
76	corvette	angels		scott		asdfgh		girl
77	bigdog		fishing		2222		vagina		apollo
78	cheese		david		asdf		toyota		parker
79	matthew		maddog		video		travis		qwert
80	121212		hooters		london		hotdog		time
81	patrick		wilson		7777		paris		sydney
82	martin		butthead	marlboro	rock		women
83	freedom		dennis		srinivas	xxxx		voodoo
84	ginger		fucking		internet	extreme		magnum
85	blowjob		captain		action		redskins	juice
86	nicole		bigdick		carter		erotic		abgrtyu
87	sparky		chester		jasper		dirty		777777
88	yellow		smokey		monster		ford		dreams
89	camaro		xavier		teresa		freddy		maxwell
90	secret		steven		jeremy		arsenal		music
91	dick		viking		11111111	access14	rush2112
92	falcon		snoopy		bill		wolf		russia
93	taylor		blue		crystal		nipple		scorpion
94	111111		eagles		peter		iloveyou	rebecca
95	131313		winner		pussies		alex		tester
96	123123		samantha	cock		florida		mistress
97	bitch		house		beer		eric		phantom
98	hello		miller		rocket		legend		billy
99	scooter		flower		theman		movie		6666
100	please		jack		oliver		success		albert

I don’t recall what the source of the list or the qualification for them being the worst was.

Here’s a list of the top 1000. It’s actually a pretty interesting read. Over 4000 people use batman as their password!

My doper password has one uppercase letter, two numbers, two symbols. All those things are scattered so it’s not like Weedsmoker!!69 :smiley:

I have a few extra letters thrown in too.

Initially I wanted to create a password with | and ` but it’s too hard to use them on a phone so I had to go with a slightly less cool password.

I don’t know. I need to input a password to get my voice-mail. Why should I worry about my voice-mail being secure? I use 1111 because I can punch it in without looking.

My password is just ******

Wait…no, it’s ******

er…

There was a log of an IRC conversation I read that went something like that.

“My password is ****”
“Well mine is *******”
“Wow that works?”
“yes”
“Cool! my password is 420the666kid69”

People on the internet can be stupid. :slight_smile:

Also, on #apprentice, one of the @s (Brimstone was his name I think) was notorious for typos. On multiple occasions he typed “j/oin #e-judge cabbage” into #apprentice which gave away the password to over 100 people.

Those were some good times. :frowning:

The importance of strong passwords is vastly overrated because it makes IT security people look like they’re doing something.

You do need them – for anything to do with your personal finance or things like medical records. And it’s good to avoid the obvious ones.

But if someone hacked into my New York Times login, they can read the Times and it won’t be me! Disaster!

As for e-mail, most scammers just phish for a password and use that. I don’t care how complex your password is – if you send it out to others, you’re going to get caught.

There was an intriguing article on the subject in last week’s Boston Sunday Globe.

I have three core passwords, each with their own variants. They’re words with numbers and random capitalization mixed in.

Very similar in my case. Lightweight sites/accounts get a variant on a simple basic set; really dangerous ones get a stronger protection. The long nonsense character string just doesn’t work well for me for mundane sites insofar as I have a horrible time remembering passwords; it has to have some sort of meaning or association in my mind.

I’ve got one password for all my ‘low-security’ accounts, i.e. those sites where logging in doesn’t enable me to buy anything or otherwise shell out $$ as a result of having provided that password.

It’s a pretty simple password, if you’re me. If you’re not, you’re unlikely to guess it. But since I use that same short password at a whole bunch of sites, I’m not using it anywhere that a breach could cost me money. Here, the worst that could happen is that someone posts a lot of crap pretending to be me (I know: how would you know the difference? :)) and I might need to do some quick explaining to the admins if I wanted to remain a Doper.

I use a set of varying passwords for sites like Amazon where I use the password to shell out money for stuff, and I change them periodically.

Your username is a better password than most passwords.

The running theory from the SDMB Left 4 Dead 2 crew is I accidentally typed my password in the username field. They’re wrong though. :smiley:

Anyone with a clue why “abgrtyu” would be one of the 500 worst passwords?

I’ve used abc123 in the past. :smack:

& my first workplace password was my daughter’s name :smack: :smack:

I know you’re not meant to but I now have a hardcover exercise book & I write my passwords down. I’m sick of losing & forgetting them.

I’m surprised there’s not more ‘godiwantthatwomaninfinancials’ type stuff in there.