People use these passwords because they are LAZY, that’s it…
My passwords are something like bk383bndjsdfHR3dT. I write them down in a book (Nothing specifying what the password is for) and after a few, say 20-30, entries I’ll usually have that password memorized.
People who cry “MY ACCOUNT WAS HACKED” are just victims of their own stupidity, nothing more. Okay, there are exceptions but the majority of these cases are weak passwords.
TIP to others…
If you want a complex password every time, and don’t always want to remember a new 20+ character password just create the first 15 characters as a “default” (these 15 characters would be the first 15 of all/most of your new passwords) and whatever you add to it would in turn be your password… This way you only have to remember a new 5 character password but in actuality it is 20 characters… This isn’t the perfect solution to the problem but it’s a simple idea to help improve your password’s strength.
No, if you read the description, they are the 500 most common, supposedly. The headline says “worst” but I suspect that’s just because the website considers the concepts to be equivalent.
I just add 1. I’ve only come across one password system that threw me for a loop. It had to have 8 characters, at least one lowercase letter, one uppercase letter, a number and a symbol. I was so befuddled that I decided the site wasn’t worth signing up for.
Em…that means the same thing. They’re the worst because they’re the most popular. Anyone trying to crack your account will go through this list from 1st to last because they’re ranked by prevalence. He’ll crack your password fastest.
It’s certainly not the best. But unless someone knew your one password and knew everything that you were registered with, it doesn’t do them too much good.
Woo, an opportunity to complain about how almost every job site out there requires you to register before you can apply for a goddamn thing, which ALONE makes up almost 1/3 to 1/2 of my passwords, most of which I may never use again!
It’s gotten bad enough that my estimation of a company goes up dramatically if their job section does NOT require registration.
I’m somewhat dubious of this list. A few questions spring to mind. How was it collected? They studied the passwords to what, exactly? Online banking? Porn websites? How many user accounts and passwords did they study? How did they get hold of the information? And besides, aren’t most password files encrypted? Even the administrator can’t see someone’s password, only reset it. I’m also doubtful of the four character passwords. Most systems will require at least 6 characters, some more than that.
It doesn’t seem like a good idea to me. Using a single password for all completely nonessential uses would be fine (it doesn’t matter if someone hacks my DakkaDakka account, for instance), but the more places you use a password, the more chances there are that you give it to someone dishonest.
No, they’re the most popular that were discovered. It doesn’t matter if 10% of the population uses 4kecj309 as their password if no one knows it’s a popular password.
It’s surprisingly easy to ‘crack’ a “shadow” password file on most Unix-based systems with tools like John the Ripper or rainbow tables. We crack our own servers now and then just to see if people are using good passwords or not.
Another hint on how to create a good, random-looking password that is still easy to remember: I make up a long-ish sentence or phrase that I can remember, “Johnny’s school will be pissed if he misses 1 more class session!” or some such. Then use the first letter, each number, and punctuation as the password: ‘Jswbpihm1mcs!’ I often use a couple of short sentences, or a phrase with a comma, etc. so that there’s a punctuation symbol and/or another capital letter in the middle too. Combining length, upper- and lower-case, punctuation symbols, and numbers, this should meet almost any password criteria you’ll find while being pretty tough to crack.
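The sentence-to-password rule described in the post above, checked against the composition policy another poster quotes in this thread (8 characters, a lowercase letter, an uppercase letter, a number and a symbol). This is an added example, not part of the original post; the function names `acronym_password` and `policy_gaps` are hypothetical, and reading "a symbol" as any ASCII punctuation character is an assumption.

```python
import re
import string

QUOTES = "'\"\u2018\u2019\u201c\u201d"  # stripped from token edges, never emitted


def acronym_password(sentence):
    """First letter of each word, whole numbers, and trailing punctuation."""
    parts = []
    for token in sentence.split():
        token = token.strip(QUOTES)
        number = re.match(r"\d+", token)
        if number:
            parts.append(number.group())          # "each number" is kept whole
        else:
            # first letter of the word; an apostrophe inside it is skipped
            parts.append(next((c for c in token if c.isalnum()), ""))
        tail = re.search(r"[^\w\s]+$", token)     # punctuation ending the word
        if tail:
            parts.append(tail.group())
    return "".join(parts)


def policy_gaps(password, min_len=8):
    """Return the requirements of the quoted policy that the password misses."""
    gaps = []
    if len(password) < min_len:
        gaps.append("length")
    if not any(c.islower() for c in password):
        gaps.append("lowercase")
    if not any(c.isupper() for c in password):
        gaps.append("uppercase")
    if not any(c.isdigit() for c in password):
        gaps.append("digit")
    if not any(c in string.punctuation for c in password):
        gaps.append("symbol")
    return gaps


if __name__ == "__main__":
    # Sentence taken from the post; "qwertyui" is a string named later in the thread.
    sentence = "Johnny's school will be pissed if he misses 1 more class session!"
    derived = acronym_password(sentence)
    print(derived, policy_gaps(derived))
    print("qwertyui", policy_gaps("qwertyui"))
```
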
I used to use the same password for every site, for convenience, until one day I got a scary email from eBay about a hacked account. It was probably just a phishing attempt, but it freaked me out. If someone got my password for a website, they could also try it on my Yahoo email address, and then skim my inbox for other places I have signed up for… Lots of chaos could ensue.
So, I created a system for establishing passwords at any site. The system is easy to remember, and the password it generates will have upper and lower case letters as well as numbers. I can scale it up to 10 characters, or down to 6, depending on the requirements of the site. No two passwords are identical.
Admittedly, there are weaknesses in my system, but I am probably safer than the majority of people on the net.
WAG: perhaps this list was generated by a brute force attempt at breaking into various things. As I understand these things, hackers usually start with a dictionary of common words, names, and numbers, as well as strings like “qwertyui” and “aaaa.”
Who really needs uncrackable passwords? If I don’t do any online financial transactions, what is the absolute worst that can happen to a careless web browser? Can anyone ‘fry’ my hard drive, for example, or ‘kill’ my computer in any way? What is the likelihood of being targeted in the first place?