Do You Use Any Of These Passwords?

To say ‘password’ is never a good password is to miss an important point.
Many websites where one’s security is relatively unimportant require passwords. The password for septimus at this very website may be easy to guess. I strongly doubt any trouble-maker will start posting right-wing gibberish in my name, but wouldn’t much care if it happened. Far more foolish than using an easy password here would be to use the same password as I use at my brokerage account. Then someone who sniffs me at my low-security interaction here might get access to my money.

Many websites reject ‘password’, wanting something more secure, so I have that too.

I’ve had a recurring nightmare that I forgot the combination to my high school locker. I’ve forgotten several web passwords, and even had to phone my stockbroker once when I got locked out after three misguesses. :smack:

HAHAHAHA! I’m laughing at “Michael” and “Football”!!! Why Michael? I understand football, since it’s the most popular sport worldwide…

What’s funny is, I got a new job recently and chose my password to be a variation of a musical mode. The IT entered the variation I chose incorrectly, so EVEN I had to memorize the silly thing. Looks more like an extinct animal’s name now than anything musical. So I know no one could be using this one.

Not according to Password Strength Checker. Yours is worse than, say, “1234asdf”.

I wonder if that password strength checker was updated after the relevant XKCD comic went up.

I’ve never known anyone with a pet wombat.

Definitely this. There’s this whole thing about password strength requiring special characters and numbers and stuff, which is fine except for two things. One, it makes them harder to remember, and people will tend to abuse the rules.

For instance, the idea behind that is that you’d take a phrase and work in common replacements. Instead, people will end up capitalizing it and throwing on a number and a special character at the end. Take that and put in Password1!, it shows up as strong, and yet it’s about the simplest version you can get. Or if you have longer requirements, something like Password12!@ gets you 100%, but it’s not really doing you any good.

Now let’s look at it mathematically. If you assume alpha-numeric and 35 special characters, you get 97 possibilities, so with a 12 character password, you theoretically get 4.70e104 possible passwords, but as you can see from the above examples, you’re much more likely to get things on the simplest end, and to get something that actually fits the intended complexity, you get something very difficult to remember, so people end up writing it down which, of course, defeats the whole purpose and, as the xkcd comic points out, you end up with a LOT less security than you think you have. That is, you basically have a dictionary attack with a few alternatives like whether or not it’s capitalized and some common trailing bits that fit the requirement and possibly some common replacements. Overall, the dominating factor isn’t all the extra stuff, it’s the dictionary attack.

That’s why the alternative, while theoretically having fewer possibilities, is actually more secure because it’s polynomially larger in the dominating factor, which is the dictionary attack, but using not just one but four words. And if you want to make it even more secure, you can still throw in capitalizations, spaces/punctuation, and maybe a common replacement somewhere.

Either way, when looking at security, it’s foolish to look at it from a naive brute force attack but realize what sort of patterns will fit the minimum requirements and how long those take to break.

As for the actual question in the OP, I’ve used passwords like those on occasion. I’ll use them as default passwords or for accounts where I don’t care if someone gets into it.
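Added example, not part of the thread: a small estimator that scores the passwords mentioned above twice, once as naive brute force over the post's 97-character alphabet and once as the "dictionary word plus common decoration" search the post describes. The word list, the 2048-word dictionary size and the one bit allowed for capitalisation are assumptions made for illustration.

```python
import math
import re

# Constructed stand-in for an attacker's word list; membership is checked here,
# while the guess count uses ASSUMED_DICT_SIZE (an assumption, 2048 words = 11 bits).
WORDLIST = {"password", "sunshine", "football", "michael",
            "correct", "horse", "battery", "staple"}
ASSUMED_DICT_SIZE = 2048
ALPHABET = 97   # the post's figure: alphanumerics plus 35 special characters
SYMBOLS = 35

WORD_PLUS_TAIL = re.compile(r"^([A-Za-z]+)([^A-Za-z\s]*)$")

def naive_bits(pw):
    """Brute-force view: each character drawn independently from ALPHABET."""
    return len(pw) * math.log2(ALPHABET)

def pattern_bits(pw):
    """Search space for an attacker who tries dictionary patterns first."""
    word_bits = math.log2(ASSUMED_DICT_SIZE)
    tokens = pw.lower().split()
    # Several dictionary words in a row: one independent choice per word.
    if len(tokens) > 1 and all(t in WORDLIST for t in tokens):
        return len(tokens) * word_bits
    m = WORD_PLUS_TAIL.match(pw)
    if m and m.group(1).lower() in WORDLIST:
        # One word, 1 bit for "capitalised or not", then the trailing decoration.
        tail = sum(math.log2(10 if c.isdigit() else SYMBOLS) for c in m.group(2))
        return word_bits + 1 + tail
    return naive_bits(pw)  # no known pattern: fall back to brute force

def compare(passwords):
    """Return (password, naive bits, pattern-aware bits) rows, rounded."""
    return [(p, round(naive_bits(p), 1), round(pattern_bits(p), 1)) for p in passwords]

if __name__ == "__main__":
    for row in compare(["Password1!", "Password12!@", "Password=9",
                        "correct horse battery staple"]):
        print("%-30s naive=%6.1f  pattern-aware=%5.1f" % row)
```

Under these assumptions the decorated single words land far below their naive score, while the four-word phrase keeps one full dictionary choice per word.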

Plus you have all those horny middle-aged guys reminiscing about WKRP in Cincinnati.

#15 “sunshine” is interesting. It played a part in the cracking of the German WW-II enigma code. The manual that came with the encryption machines recommended starting each message with a nonsense word, and gave “Sonnenschein” (sunshine) as an example. As a result, a fairly high percentage of messages started with the word Sonnenschein, which facilitated a known text attack.

I have relatively easy passwords for things that don’t really require high security, like my Facebook and Straight Dope account (not as easy as ‘‘password,’’ but probably not super secure either.) I have what I think is a pretty damned good password for my financials; it looks like random letters and numbers strung together but is very easy for me to remember.

And then there’s the other website with no justification for passwords that has absolutely absurd requirements.
Must include:
- Upper case letter
- Lower case letter
- Special character
- Number

And change every 90 days

My current password

Password=9

Anyone want to guess what will be next? Yep.

Password=10

:smiley: Correct. Major X-Phile here. I have used trustno1 but I also use more obscure references that only a really serious X-Phile would ever consider, such as Shiloh.

“Huh?,” you say?

In the X-Files computer game, Shiloh is the computer password used by the player’s FBI agent alter ego.

My work requires password changes every 60 days or whatever it is. When IT resets your password, they make it a regular word with letters like S, E, I or O in it that can be substituted with numbers - sunsh1ne is one of them (they could have also made this 5un5h1n3 to make it harder but still easy to remember). I use the same principle for my passwords and choose words that I can do this with, but I make mine much more obscure and random. Unfortunately, we can’t use symbols so I can’t substitute A for @, etc.