Author Topic: Hacked password list offers security insights (Read 2610 times)

Texas Mac Man · « **on:** February 09, 2009, 09:05:48 PM »

Hacked password list offers security insights

The Top 500 Worst Passwords of All Time

Most all of my passwords are different, but a close variant. None of my financial sites use the same password. Some are all alphas, while others are alphanumeric. All have at least 6 characters. The problem I have is that I have to frequently use a "cheat sheet" to refresh my memory. Didn't find any of my passwords in the top 100.

Do you use multiple passwords? And some of the top 100 worst ones?

Highmac · « **Reply #1 on:** February 10, 2009, 01:19:32 AM »

A couple on there are the basics of my main ones, but I've varied them with extra letters, numerals and the odd capital. Nothing is unbreakable to the determined but, like the police tell us, put some sort of alarm on your house and the casual burglar will move on to an an easier target

Jack W · « **Reply #2 on:** February 10, 2009, 09:55:59 AM »

A lot of sex related items on the list which I won't mention.
People with their minds in the gutter?

I didn't see any with mix of upper/lower case letters, and very few with alphanumerics. (were there any?

I use alphanumerics and a mix of upper/lower case/numerics on sensitive sites.

As Highmac said, a mix of these provides the best protection.

Several months ago, if I remember correctly (not always the case)

, somebody referenced a site that tested passwords for viability. Mine were pretty clean. I just hope somebody wasn't phishing for passwords on that site!

- Jack

Mayo · « **Reply #3 on:** February 10, 2009, 11:45:14 AM »

QUOTE

Nothing is unbreakable to the determined

I gotta disagree with you Neil. A strong password that combines upper and lower-case letters, numbers and common punctuation marks is unbreakable, for all intents and purposes...

Here is something that I posted in another thread:

Paddy, I tried the Brute Force Attack calculator link that is accessible on the Web page that you provided. I entered the following specs for my primary "high security" password:

Password length: 12 characters
Speed: 500,00 passwords/second
One computer undertaking the brute force attack
My password contains: Characters in lower case, characters in upper case, digits and common punctuation.
Estimated time required to crack my password: 1,733,781,599 years

Hmmm... That seems secure enough to me!

Paddy · « **Reply #4 on:** February 10, 2009, 04:19:23 PM »

QUOTE

I didn't see any with mix of upper/lower case letters, and very few with alphanumerics. (were there any?

Nope - that's the point; these were the 500 WORST passwords.

QUOTE

From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.

kimmer · « **Reply #5 on:** February 10, 2009, 05:40:08 PM »

I try to always use a secure password for vital stuff - a combo of numbers and upper/lower case letters. I used to have a 5 page printed cheat sheet, and then I realized that if I lost that I was in big trouble, so now I let 1Password do all the remembering for me -- and yeah, I back up that file and keep the backup where it's safe.

I had one password that I reused. I figured it was at yahoo and a couple of piddly boards that I used to visit (and not this one!) ... so I wasn't worried. Until someone hacked into my yahoo acct, used the IM and suddenly I logged in one day and there were .... ermmm ...

nasty little messages. Plus I started receiving rather vile emails. So I had to trash my entire yahoo ID and now even my new yahoo id has a numeric/letter password; as does every board I belong to.

That was an interesting list to read.

Maybe it's time to change my password here. Never hurts to change things around.

jcarter · « **Reply #6 on:** February 10, 2009, 08:08:53 PM »

That is interesting, my passwords are pretty anemic. Though I did change the ones for banking and that sort of stuff, after Mayo's post last week.
Made a mix of letters, numbers, uppercase and lowercase. No pet names! No addresses or zip codes!
Our kids at work at .edu sites change theirs all the tiime and use pretty hard to figure out stuff.
Here at home its not serious, but I am glad youve brought this stuff to our attention.
I like the latin names for fish and bacteria!
Jane

krissel · « **Reply #7 on:** February 15, 2009, 02:26:47 AM »

There is one problem in thinking your password would take x number of years to crack. That is the time estimated it would take to try all possible combinations. But there is the possibility that the combo you used might be one of the earliest of those attempted.

daryl66 · « **Reply #8 on:** February 15, 2009, 12:16:21 PM »

QUOTE(krissel @ Feb 15 2009, 03:26 AM) <{POST_SNAPBACK}>

There is one problem in thinking your password would take x number of years to crack. That is the time estimated it would take to try all possible combinations. But there is the possibility that the combo you used might be one of the earliest of those attempted.

I took it one step further. This computer travels with my wife and it is really the "main machine". Like others I use a "cheat sheet". While it never has happened the possibility of a loss or stolen machine does exist.

I have encrypted the cheat sheet with "Encript This". The only disadvantage I can see is that it creates a "read only" file so when a new password is required I have to copy the un-encrypted file, add the new information and save it as a new file. Somewhat cumbersome but it does give peace of mind when the laptop "hits the road"

Daryl

Mayo · « **Reply #9 on:** February 15, 2009, 12:58:56 PM »

Daryl, an alternative to your system is Web Confidential. I have used it for years. It is the digital equivalent of keeping your passwords on categorized index cards. You can store more than passwords in Web Confidential: I keep my credit cards, bank account numbers, FTP logins, family personal info such as social security numbers, etc. The categories make it simple to create, store and locate whatever you need.

And, of course, all the data is encrypted. No more having to save and encrypt a new file. New data can be automatically saved at an interval you set and/or when you quit Web Confidential.

An iPhone version is in the development stage.

daryl66 · « **Reply #10 on:** February 15, 2009, 01:32:07 PM »

QUOTE(Mayo @ Feb 15 2009, 01:58 PM) <{POST_SNAPBACK}>

Daryl, an alternative to your system is Web Confidential.

Thanks. I will check it out.

Daryl

Xairbusdriver · « **Reply #11 on:** February 15, 2009, 04:41:21 PM »

And <1Password> has also been mentioned...

News:

Author Topic: Hacked password list offers security insights (Read 2610 times)