Author Topic: Hacked password list offers security insights  (Read 2612 times)

Offline Texas Mac Man

  • TS Addict
  • *****
  • Posts: 1722
    • View Profile
    • http://
Hacked password list offers security insights
« on: February 09, 2009, 09:05:48 PM »
Hacked password list offers security insights

The Top 500 Worst Passwords of All Time

Most all of my passwords are different, but a close variant. None of my financial sites use the same password. Some are all alphas, while others are alphanumeric. All have at least 6 characters. The problem I have is that I have to frequently use a "cheat sheet" to refresh my memory. Didn't find any of my passwords in the top 100.

Do you use multiple passwords? And some of the top 100 worst ones?


Cheers, Tom

Mac PRAM, NVRAM, CUDA/PMU & Battery Tutorial
https://sites.google.com/site/macpram/mac-p...attery-tutorial

Offline Highmac

  • Administrator
  • TS Addict
  • *****
  • Posts: 5455
    • View Profile
Hacked password list offers security insights
« Reply #1 on: February 10, 2009, 01:19:32 AM »
A couple on there are the basics of my main ones, but I've varied them with extra letters, numerals and the odd capital. Nothing is unbreakable to the determined but, like the police tell us, put some sort of alarm on your house and the casual burglar will move on to an an easier target smile.gif
Neil
MacMini (2018) OS10.14.6 (Mojave). Monitor: LG 27in 4K Ultra HD LED.
15in MacBook Pro (Mid 2014) OS10.13.4 (High Sierra);
15in MacBook Pro (2010), (ex-Snow Leopard); now OS10.13.6 (High Sierra); 500GB Solid-State SATA drive; 4GB memory.

Offline Jack W

  • TS Addict
  • *****
  • Posts: 2597
    • View Profile
Hacked password list offers security insights
« Reply #2 on: February 10, 2009, 09:55:59 AM »
A lot of sex related items on the list which I won't mention.
People with their minds in the gutter?

I didn't see any with mix of upper/lower case letters, and very few with alphanumerics. (were there any?

I use alphanumerics and a mix of upper/lower case/numerics on sensitive sites.

As Highmac said, a mix of these provides the best protection.

Several months ago, if I remember correctly (not always the case) oops.gif  wacko.gif , somebody referenced a site that tested passwords for viability. Mine were pretty clean. I just hope somebody wasn't phishing for passwords on that site!

- Jack
Good to be Here.

My Macs: 2010 27" alum iMac 2.8GHz, Snow Leopard 10.6.8/Mavericks 10.9.5, 4GB SDRAM (Workhorse),
13” Late 2010 MacBook Pro 2.4GHz, 10.6.8, 2GB SDRAM,
(2) External HD - Firewire/USB Macally Enclosures  with 1TB Hitachi Drives,
Time Machine external drive - ditto above - 1/2 TimeMac

Offline Mayo

  • TS Addict
  • *****
  • Posts: 3215
    • View Profile
    • http://
Hacked password list offers security insights
« Reply #3 on: February 10, 2009, 11:45:14 AM »
QUOTE
Nothing is unbreakable to the determined


I gotta disagree with you Neil. A strong password that combines upper and lower-case letters, numbers and common punctuation marks is unbreakable, for all intents and purposes...

Here is something that I posted in another thread:


Paddy, I tried the Brute Force Attack calculator link that is accessible on the Web page that you provided. I entered the following specs for my primary "high security" password:

Password length: 12 characters
Speed: 500,00 passwords/second
One computer undertaking the brute force attack
My password contains: Characters in lower case, characters in upper case, digits and common punctuation.
Estimated time required to crack my password: 1,733,781,599 years

Hmmm... That seems secure enough to me!
« Last Edit: February 10, 2009, 11:45:56 AM by Mayo »

Offline Paddy

  • Administrator
  • TS Addict
  • *****
  • Posts: 13797
    • View Profile
    • https://www.paddyduncan.com
Hacked password list offers security insights
« Reply #4 on: February 10, 2009, 04:19:23 PM »
QUOTE
I didn't see any with mix of upper/lower case letters, and very few with alphanumerics. (were there any?


Nope - that's the point; these were the 500 WORST passwords. wink.gif

QUOTE
From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline kimmer

  • Administrator
  • TS Addict
  • *****
  • Posts: 9086
    • View Profile
Hacked password list offers security insights
« Reply #5 on: February 10, 2009, 05:40:08 PM »
I try to always use a secure password for vital stuff - a combo of numbers and upper/lower case letters. I used to have a 5 page printed cheat sheet, and then I realized that if I lost that I was in big trouble, so now I let 1Password do all the remembering for me -- and yeah, I back up that file and keep the backup where it's safe. wink.gif

I had one password that I reused. I figured it was at yahoo and a couple of piddly boards that I used to visit (and not this one!) ... so I wasn't worried. Until someone hacked into my yahoo acct, used the IM and suddenly I logged in one day and there were .... ermmm ...  blush-anim-cl.gif nasty little messages. Plus I started receiving rather vile emails. So I had to trash my entire yahoo ID and now even my new yahoo id has a numeric/letter password; as does every board I belong to.

That was an interesting list to read.

Maybe it's time to change my password here. Never hurts to change things around. wink.gif

Offline jcarter

  • TS Addict
  • *****
  • Posts: 5808
    • View Profile
    • http://www.jcarter.net/ourdogs/muffinpage.html
Hacked password list offers security insights
« Reply #6 on: February 10, 2009, 08:08:53 PM »
That is interesting, my passwords are pretty anemic. Though I did change the ones for banking and that sort of stuff, after Mayo's post last week.
Made a mix of letters, numbers, uppercase and lowercase. No pet names!  No addresses or zip codes!
Our kids at work at .edu sites change theirs all the tiime and use pretty hard to figure out stuff.
Here at home its not serious, but I am glad youve brought this stuff to our attention.
I like the latin names for fish and bacteria!
Jane

Offline krissel

  • Administrator
  • TS Addict
  • *****
  • Posts: 14736
    • View Profile
Hacked password list offers security insights
« Reply #7 on: February 15, 2009, 02:26:47 AM »
There is one problem in thinking your password would take x number of years to crack.  That is the time estimated it would take to try all possible combinations. But there is the possibility that the combo you used might be one of the earliest of those attempted.

smile.gif


A Techsurvivors founder

Offline daryl66

  • TS Addict
  • *****
  • Posts: 1047
    • View Profile
Hacked password list offers security insights
« Reply #8 on: February 15, 2009, 12:16:21 PM »
QUOTE(krissel @ Feb 15 2009, 03:26 AM) <{POST_SNAPBACK}>
There is one problem in thinking your password would take x number of years to crack.  That is the time estimated it would take to try all possible combinations. But there is the possibility that the combo you used might be one of the earliest of those attempted.

smile.gif

I took it one step further.  This computer travels with my wife and it is really the "main machine". Like others I use a "cheat sheet".  While it never has happened the possibility of a loss or stolen machine does exist.

I have encrypted the cheat sheet with "Encript This".  The only disadvantage I can see is that it creates a "read only" file so when a new password is required I have to copy the un-encrypted file, add the new information and save it as a new file.  Somewhat cumbersome but it does give peace of mind when the laptop "hits the road"

Daryl sleep.gif
2019 27" iMac OSX 14.4 2011 MBP OSX 10.13.6, 2017 MBAir OSX 12.7.4, iPad IOS 17.4.1, iPhone13 IOS 17.4.1, iPhone SE IOS 17.4.1, Watch 9, M2 MBA OSX 14.4

Offline Mayo

  • TS Addict
  • *****
  • Posts: 3215
    • View Profile
    • http://
Hacked password list offers security insights
« Reply #9 on: February 15, 2009, 12:58:56 PM »
Daryl, an alternative to your system is Web Confidential.  I have used it for years. It is the digital equivalent of keeping your passwords on categorized index cards. You can store more than passwords in Web Confidential: I keep my credit cards, bank account numbers, FTP logins, family personal info such as social security numbers, etc.  The categories make it simple to create, store and locate whatever you need.

And, of course, all the data is encrypted. No more having to save and encrypt a new file. New data can be automatically saved at an interval you set and/or when you quit Web Confidential.

An iPhone version is in the development stage.

Offline daryl66

  • TS Addict
  • *****
  • Posts: 1047
    • View Profile
Hacked password list offers security insights
« Reply #10 on: February 15, 2009, 01:32:07 PM »
QUOTE(Mayo @ Feb 15 2009, 01:58 PM) <{POST_SNAPBACK}>
Daryl, an alternative to your system is Web Confidential.

Thanks.   I will check it out.

Daryl
2019 27" iMac OSX 14.4 2011 MBP OSX 10.13.6, 2017 MBAir OSX 12.7.4, iPad IOS 17.4.1, iPhone13 IOS 17.4.1, iPhone SE IOS 17.4.1, Watch 9, M2 MBA OSX 14.4

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • *****
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
    • View Profile
    • Mid-South Weather
Hacked password list offers security insights
« Reply #11 on: February 15, 2009, 04:41:21 PM »
And <1Password> has also been mentioned...
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes: