Analysis of 32 MILLION breached passwords shows people use stupid passwords

Here's a quick look at the top ten:

123456
12345
123456789
Password
iloveyou
princess
rockyou
1234567
12345678
abc123

http://www.downloadsquad.com/2010/01/21/analysis-of-32-million-breached-passwords-shows-people-use-stupi/

President Scroob used 12345 for his briefcase . It was also the password to get the air from Planet Druidia. Jeez, how old is that movie????

:evilgrin:

What's your personal banking user name? Maybe that's a security risk.

It's not a my password. ;)
Whenever I make password I use patterns or shapes worked out on the keyboard.
figure eights, sine waves, piano or guitar riffs (superimposed over the keyboard)
Every password I've ever made has been pretty random other than forum PWs which aren't important.

How dare you suggest I am stupid!

That is inexplicable to me.

last part "you", first part slightly different

Seems pretty obvious to me.

Ergo, many people simply used "rockyou" as their password.

1) Pick a book
2) Pick a page at random
3) Pick a line from the page at random

I have chosen, "Sake: A Modern Guide." Page 82, paragraph 4, line 3

"marinade. Coat well and cover with plastic wrap. Refrigerate and"

Your password will be mCwacwpw.Ra

5) Write on an index card something to help you remember, like, "Sake P82P4L3" or 10 0-8118-4960-0 p82p4L3"
6) You can get fancy by using some Leet character substitutions,like mCw4acw9w.R@

You can even put all the password hints on your Kindle or eReader.

If this is too hard, try using song lyrics:

The Sun is a mass of incandescent gas, a gigantic nuclear furnace
TSiamoig,agnf

The more obscure the song, the better, as long as you have it memorized.

You can even put all the "password hints" in your iPod.

I blame IT paranoia for this in general. The idea that every single piece of software used in the corporate world requires a password that rarely if ever uses the same algorithm for acceptable options, and must be changed every 30 or 60 days has led to it being impossible, even for those with exceptional memories like mine, to keep track of them unless you standardize and simplify. At least Yahoo etc passwords are static.

These rules make software much LESS secure because you can almost guarantee every user has a file of passwords in their desk or on their C drive.

For interest I just checked. To do my job, which as is common requires many web-based programs as well as network and desktop based software, I need 17 passwords. I can standardize one password for 12 of them, but must of course synchronize changes to the shortest schedule to maintain them.

Of course when you add in user id's, which are even more variable in how they can be formatted, and we're well into the 20s that need to be remembred, most of them changed monthly.

Is it any wonder people use 123456 when they can?

they must be at least a certai amount of characters...they must contain both numbers and letters...etc.
i'm not going to remember 20 different passwords, and even if it isn't 'safe' i'm going to use the same password in as many places as i want, to make it easier for me to access it.

at least the last one is a combination of letters and numbers, a stupid combination, but better than using a real word, or just numbers.

huh...

and defunct phone numbers are great for PIN numbers. They're things you're always likely to remember even if you haven't had to use them for months.

Just rotate them occasionally.

Seems to work so far.