I love “shadow,” “batman,” “master,” and “trustno1,” clearly passwords chosen by leet hacker types very proud of their cleverness.
The answer of course is “no.” I have phrases that only I know (here’s a major security leak: if you’re familiar with the angsty poetry I wrote as an adolescent, you might know them, too!), and I convert them into alphanumeric passwords. I think they’d be tricky to guess.
Since we are regularly warned not to use the same password for multiple accounts, my password for each of my accounts is also unique. In the news the other day they mentioned people getting their frequent flyer mileage accounts “hacked.” This is a problem because the miles can be used like cash to buy goods. Apparently these people had used the same password for the FF account as they had on some other account; the other account is what actually got hacked, and then the thieves just used that password to get at their FF miles.
Nope. Though I can generally figure out one of my friends' passwords: he cycles through WW2 Japanese capital ship names. My favorite passwords actually come off a list generated for me by a friend; they have absolutely nothing to do with any facet of my real life, and he even generated fake family names and history to cover the security questions. You can social engineer my senile mom as much as you like; none of the information you get from her will match my fake info =)
No. I’m in charge of changing about 60 passwords every 90 days on some database servers. Here are the requirements for the passwords:
a) Must be at least 16 characters long
b) Must not contain the username
c) Must contain at least two lowercase characters: abcdefghij etc.
d) Must contain at least two uppercase characters: ABCDEFG etc.
e) Must contain at least two digits: 0123456789
f) Must contain at least three special characters: ~!$^()`*,-/:;<=>?_
g) Must not contain a “bad” special character: a space, or any of .|@{][}+&%#
h) Must start with an alphabetical character.
i) Max of 2 repeating characters: i.e. not “111”.
j) The first 8 characters must contain at least one digit.
k) The first 8 characters must contain at least one special character.
l) The first 8 characters must contain at least one upper case letter.
m) The first 8 characters must contain at least one lower case letter.
n) Must not have been used before in the last 5 years.
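The policy above is concrete enough to be checked mechanically. What follows is an added example, not code from the thread or from the poster's servers: a checker that reports the letter of every violated rule, plus a generator that draws random candidates until one passes. Three points the post leaves open are assumptions of this example: the username match is case-insensitive, "the last 5 years" means 5 × 365 days, and characters that appear in neither the allowed nor the "bad" special list (quotes, backslash, and so on) are tolerated but do not count toward rule f. The history store uses SHA-256 only to keep the example self-contained; a real implementation should keep a slow password hash there.

```python
"""Checker and generator for the 14-rule database-server password policy.

Added example; rule letters follow the post's list.  Assumed, not stated in
the post: case-insensitive username match, "5 years" = 5*365 days, and
characters outside both special lists are tolerated but not counted.
"""
import hashlib
import secrets
import string
from datetime import date, timedelta

ALLOWED_SPECIAL = set("~!$^()`*,-/:;<=>?_")   # rule f
BAD_SPECIAL = set(" .|@{][}+&%#")             # rule g ("Space" in the post)
FIVE_YEARS = timedelta(days=5 * 365)          # rule n (assumed definition)
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)


def password_digest(pw):
    """Value stored in the history list.  SHA-256 keeps the example
    self-contained; a real history store should use a slow password hash."""
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


def history_entry(pw, used_on):
    """Build a (digest, date) history record from an ISO date string."""
    return (password_digest(pw), date.fromisoformat(used_on))


def _count(text, charset):
    return sum(c in charset for c in text)


def _has_triple(pw):
    # rule i: three identical consecutive characters such as "111"
    return any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2))


def check_password(pw, username, history=(), today=None):
    """Return the letters of every violated rule; [] means compliant.

    history: iterable of (digest, date_last_used) pairs for old passwords.
    today:   date or ISO string; defaults to the real date.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    head = pw[:8]
    failed = []
    if len(pw) < 16:
        failed.append("a")
    if username and username.lower() in pw.lower():
        failed.append("b")
    if _count(pw, LOWER) < 2:
        failed.append("c")
    if _count(pw, UPPER) < 2:
        failed.append("d")
    if _count(pw, DIGITS) < 2:
        failed.append("e")
    if _count(pw, ALLOWED_SPECIAL) < 3:
        failed.append("f")
    if _count(pw, BAD_SPECIAL) > 0:
        failed.append("g")
    if not (pw and pw[0] in string.ascii_letters):
        failed.append("h")
    if _has_triple(pw):
        failed.append("i")
    if _count(head, DIGITS) < 1:
        failed.append("j")
    if _count(head, ALLOWED_SPECIAL) < 1:
        failed.append("k")
    if _count(head, UPPER) < 1:
        failed.append("l")
    if _count(head, LOWER) < 1:
        failed.append("m")
    digest = password_digest(pw)
    if any(d == digest and today - used <= FIVE_YEARS for d, used in history):
        failed.append("n")
    return failed


def generate_password(username, history=(), length=16, max_tries=10_000):
    """Rejection sampling: draw uniformly from the permitted alphabet until a
    candidate passes every rule.  Only a fraction of 16-character draws satisfy
    the first-8-characters rules, so this normally loops a handful of times."""
    alphabet = string.ascii_letters + string.digits + "".join(sorted(ALLOWED_SPECIAL))
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, username, history):
            return candidate
    raise RuntimeError("no compliant password found; check the policy parameters")


if __name__ == "__main__":
    # Constructed inputs: one compliant password and one that trips several rules.
    print(check_password("Ab3!cD4$efG5-hi~", "dbadmin"))   # []
    print(check_password("password12345678", "dbadmin"))   # ['d', 'f', 'j', 'k', 'l']
    print(generate_password("dbadmin"))
```

Returning the failed rule letters rather than a bare boolean is deliberate: when a policy has this many clauses, the user (or the script that rotates 60 of them) needs to know which clause rejected the candidate.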
Yes. I run some virtual machines on my computer. All of these virtual machines have the password “password”. I’ve been doing this for years and haven’t had any problems. If one of the VMs did get compromised I would just destroy and recreate it. An attacker wouldn’t be able to get from the VM to the host machine and someone who had control of the host machine wouldn’t bother with the VMs so I don’t bother worrying about them.
My state has a website to apply for state jobs and it also is used by current employees for time keeping. They have rules like Jerry posted above and make everybody change the account password frequently.
A friend with a state job tells me that on nearly everybody’s screen is a post-it note with the current password written down on it!
What, no “must have at least 4 characters different from the previous password” rule? Without it, just find two consecutive digits and increment the value by 1 for each change; that’s 100 different passwords.
Back when I was in college in the 1980s, the most popular password apparently was “spaceman”.
Nope. All of my passwords contain at least one capital letter, one letter, one number and one item of punctuation. The rest of the password is a combination of two pieces of information that are easy to remember separately, but not so easy to guess.
So, one entirely hypothetical example: if my dog’s name is Spot, I might create a password that is Dog1=Spot! That relationship is very easy for me to remember because it’s useful and relatable information… but even if you knew I had a password based on my dog’s name, are you going to be able to guess that exact password? Not likely; the punctuation alone creates millions of possible options.
Also… my security questions are never real answers. They’re passwords of their own. So if the security question is “Where did you meet your wife?” I might just put “Dog1=Spot!” there as well. Otherwise, you can break most people’s security questions just by looking at their Facebook page.
Why are those “bad” special characters? I see a few of them that I use from time to time.
One place I worked would not let you use any special characters other than ‘-’ and ‘_’. Grrr.
Another place I worked said that my password had to have 3 of the 4 categories of characters: lower case alpha, upper case alpha, numerals, special character. I tried a password that had a lower case letter, an upper case letter, and a numeral. It wouldn’t let me use that password. I had to add a special character. I don’t have a problem with that, but don’t tell me I can skip one of the categories, then tell me, “No, not that one!”
Aha! I’m onto you. You just want to eliminate those 25 possibilities when you do an exhaustive search through the possibilities of my passwords.
Well, I’m not going to tell you!