32 million passwords exposed. Most popular....123456

Jansport (the backpack manufacturer?)

My own username was a randomly-generated password that was assigned to me, but looked sort of like a real word.

I think it is equivalent to QWERTY or ASDFGH on some keyboard layout.

Cracked. Don’t bother trying to withdraw any money from your account. Empty.

My method is similar to RTFirefly - For any site where the only risk is embarrassment not financial loss I have a common password that I use and I’ve used it for years. Means nothing to anyone else but I can type it without thinking about it.

I have a slightly more secure pw for things that I pay for, and a much more secure pw for banking etc. What really irritates me are the sites that have obscure rules that negate the use of my secure pws. i.e., must have no more than 6 and no less than 4 chars, 2 of which must be numbers, no symbols, one letter must be capitalized. (this is the actual set of rules for a site I decided I didn’t need access to that badly)

Not as far as I can tell. One of the more interesting suggestions from searching the term implies that it’s just a fake entry to make it easy to detect a copy of the original list. I think that’s a little more plausible than the other suggestions.

ETA: I use variations on a simple scheme that I won’t explain here for most sites where I don’t really care. I use randomly bashed out passwords that include numerics and punctuation for anything serious. I write them down. On paper. That goes in a locked cabinet.

All of my passwords are from the same song. I take the first letter of each word for a line, alternate it capitalistically, and envelope it in the same set of numbers/characters. So Mary had a little lamb would yield ?7MhAlL9! and ?7WfWwAs9! etc. I never have to write down anything, because generally speaking the further down the song I go the more secure I want the site. The Dope uses the first line, my bank has the fifth or sixth line. Whenever I’ve forgotten what I used, a couple quick tries at the variations works.

This has worked since about 1994. The song is long enough to have dealt with systems that require regular changing, and (relatively) obscure enough to not worry that it’s a known pattern.

I always try and use secure passwords regardless of the site as a rule. Not that I care if someone reads an article on goat felching with my login info, but as a blanket courtesy/practice I leave it up to the IT staff of the site to decide what is and isn’t secure post-login.

That’s a bash.org log, hunter2 was the password.

Oh thanks, I found it. :slight_smile:

It has to be scripted right? It’s just too perfect!

We use password cracking software where I work. It’s pretty clear why you shouldn’t use whole words. The software can apply a dictionary attack and figure out your password in minutes.

Here’s some interesting stats on brute force password cracking speeds.

It sort of shows you why it’s important to include symbols and weird letters. The more obscure the character you use, the larger the character set the computer has to go through for each iteration.
Also, I love those idiotic movies where the password cracking software figures out each character of the password one by one like Wheel of Fortune or something.

So B33r&Mug takes 83 days? Add two characters to that and you have a password similar to mine. Let’s see them devote a super computer to cracking my password. A few months of work and they can have the couple of dollars in my bank account!

And that wasn’t even the stupidest idea in the climax of War Games. :smiley:

Chemical formulas. You have a string of random-looking letters and numbers, and it actually means something.

Does anyone know what total proportion of passwords those top 10 (or top 1000 or whatever) account for? Even if they’re the most common, that’s not too useful if they collectively only account for 0.1%, or whatever.

Myself, I have three levels of passwords. For things that shouldn’t even have a password to begin with, I use my birthdate, since that’s a common default for those things (if they know anything about me). For things where it makes sense to have a password but for which it wouldn’t really be a disaster if it were cracked, I always use the same thing. And for things where there’d be a high incentive for someone to crack it, or if it’d cause me big trouble, I create a new secure password for each one. The Dope was in the second category when I first joined, but I upgraded it to the third back when I became a mod, and have never had reason to downgrade it again.

For a secure password, I start with a non-dictionary word (a proper name, or from an obscure language, or the like) that I can somehow associate with the account in question. Then I substitute letters with upper-case, numbers, and symbols, until I have some of each.

Joke’s on you, sucker: it was already empty!

Foiled! Clever girl.

The admin. to the head of a dept. in a large corporation where I once worked actually used Password as her password. Duh… Another friend there and I discovered it while we were trying to get into a document she created and he needed and she wasn’t there. I had authority over the system and actually could have gotten in easily by changing her password but then she would “know”. It was more fun to try to guess. It was the first thing we tried and we almost peed our pants laughing…

Aw great. Now I have to change the combo on my luggage.

Yes it’s Jansport. Didn’t pick the name because I love their backpacks though. It was kind of given to me by a friend.

I’m abysmal at picking passwords. They have to be easy, or I forget them. I always think I’ll remember without writing them down, but I never do. I’m one of those dummies that has a dead pet’s name as a password for most stuff.

Maybe someone here more knowledgeable than me could enlighten me about this. How secure would a password containing my kids’ names with numbers and symbols be? For example, if I have kids named Jack and Jill who are 7 and 5 years old, would jack7&jill5 be fairly secure, or does the fact that there are names identifiable with me make it a bad pick?

I would replace some of the letters with numbers then add a letter for the website.

So for SDMB it could be sJack&Ji11 or Jack&ji11s. For a google login, you’d have it as gJack&Ji11 or Jack&Ji11g etc.
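The two claims made in the posts above (a larger character set slows blind brute force; whole words and names fall to a dictionary), as an added example that is not part of any poster's message: a small strength estimator run on passwords quoted in this thread. The word list, its assumed size of 20,000 and the 2-bit allowance for case and letter swaps are assumptions made for illustration.

```python
import math
import string

# Constructed stand-in for a cracking dictionary (assumption, not from the thread).
WORDS = {"beer", "mug", "jack", "jill", "password", "hunter"}
WORDLIST_SIZE = 20_000  # assumed size of a common-words-and-names list
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Undo common digit/symbol-for-letter swaps before the dictionary lookup.
UNLEET = str.maketrans("310@$", "eloas")

def charset_size(pw):
    """Alphabet a blind brute-force search must cover (printable ASCII only)."""
    return sum(len(chars) for chars in CLASSES if any(c in chars for c in pw))

def brute_force_bits(pw):
    """log2 of the guesses needed when every character is tried blindly."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def pattern_bits(pw):
    """log2 of the guesses needed by a guesser who also tries dictionary words.

    Dynamic programme over split points: each piece is either a word from the
    list (any case, swaps undone) or one character guessed blindly.
    """
    size = charset_size(pw)
    if not size:
        return 0.0
    char_cost = math.log2(size)
    word_cost = math.log2(WORDLIST_SIZE) + 2  # +2 bits for variants (assumption)
    best = [0.0] + [math.inf] * len(pw)
    for end in range(1, len(pw) + 1):
        for start in range(end):
            piece = pw[start:end]
            if piece.lower().translate(UNLEET) in WORDS:
                cost = word_cost
            elif len(piece) == 1:
                cost = char_cost
            else:
                continue
            best[end] = min(best[end], best[start] + cost)
    return best[-1]

if __name__ == "__main__":
    # Passwords quoted in the thread.
    for pw in ("123456", "Password", "hunter2", "B33r&Mug",
               "jack7&jill5", "?7MhAlL9!"):
        print(f"{pw:12} brute force {brute_force_bits(pw):5.1f} bits, "
              f"with dictionary {pattern_bits(pw):5.1f} bits")
```

Each bit removed halves the guessing work, so the gap between the two columns is what the dictionary buys the guesser; a list built from names tied to the account owner would be far smaller than the size assumed here.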

What is wrong with using password storage software like Password Safe? The software is passworded by a dynamite password, but only one, so that it is only necessary to memorize one of these little buggers. That gains access to all your passwords, which are transferred to the site in question by a double-click. To me this seems to eliminate all the problems with passwords.

I think the one I use to access the safe can be cracked in about 6 jillion years. Long enough for me.