
Most Common Passwords - superberliner
http://blog.jimmyr.com/Most_Common_Passwords_20_2008.php
======
lionhearted
Quick aside:

> 6\. 123456, 123, 123123, 01234 and other retarded combinations

I dated a girl whose brother came down with a high fever when he was young,
and he became mentally retarded and stayed on the development level of a young
boy his whole life before dying in his early 20's. I'd always colloquially
used "retard" and "retarded" the way I used "fag" and "homo" in high school -
y'know, it was what the other kids did. Things "sucked", and teachers were
"retarded", and things like that.

Anyway, one time I asked her how to translate "retarded" into her language,
and she kind of froze and said, "I don't know." I'd never seen her unhappy
quite like that, and only realized why later. That made me think - was it
cutting her to the bone every time I casually dropped a "The airport baggage
people must be retarded" or some such?

There's got to be a million synonyms for really stupid people doing really
stupid things, so it wasn't too hard to cut down my use of the word. I still
get it wrong sometimes, but maybe worth five seconds of thinking about.

~~~
felideon
_I dated a girl whose brother came down with a high fever when he was young,
and he became mentally retarded_

Off-topic here, but I'm curious for my own family.

From what I've read on fever phobia, it seems like what most people consider a
_high fever_ really is normal and no reason to panic like we're used to
doing[1]. In this girl's brother's case, I wonder how high that fever really
was (and how old he was) in order for it to have affected him like that.

[1] Or have nurses on the 24/7 pediatrician line yell at you to rush to the
nearest ER, only to get charged $400+ for Tylenol.

~~~
pavel_lishin
I'll be the dad that will shell out $400 for Tylenol to avoid the risk of my
child becoming retarded.

Not to mention, $400 for peace of mind is pretty cheap, and would probably buy
me a decade or two of ulcer-free living.

~~~
fnid
That's why it's wrong to charge $400 for tylenol.

~~~
pavel_lishin
I hope health care/insurance reform works.

My backup hope is that my children love gruel.

------
AndrewDucker
For a long time I used affirmations as passwords. My machine (at that job)
autolocked after a few minutes, so I'd be typing the same thing in dozens of
times a day - I figured it might as well be something useful.

It's amazing the effect that typing GetANewJob repeatedly had...

(Yes, I got one)

------
profquail
I thought they were "Love", "Sex", "Secret", and "God"?

~~~
endlessvoid94
I'm having a hackers party this friday night. i might have to post this all
over my apt as decoration.

also, i have a payphone and jolt cola. god, i can't wait.

~~~
unalone
Wow, a hacker's party? How does that work? What do you do? I'm fascinated.

~~~
endlessvoid94
It's definitely an experiment. We'll play techno/rave music, lots of strobe
lights and stuff. Technically the party is called Cyberdelia, after the club
in the movie. Everyone is dressing up as a hipster/raver/hacker from the movie
and encouraged to go by hacker handles all night.

Dancing and drinking and enjoyment all around, I hope.

------
pavel_lishin
"Mixed numbers and letters over 8 characters long. Memorize it once, use it
forever."

Wait, is this sarcasm?

~~~
joshfinnie
I am not sure it is. If you have a strong enough password of 8+ characters of
mixed numbers, letters and symbols, why not use it forever? I understand that
using the same password for every website is not the best practice, but his
suggestion quoted above is a great alternative for people that are using their
first name and birthday for passwords.

~~~
pmichaud
I have different levels of passwords:

1) Doesn't matter, it's fairly weak and I use it for spammy stuff.

2) It matters, I use it for accounts I care about, but nothing that would ruin
my life. It's strong, but it's used in a couple places.

3) Banks, etc -- these all get can't-crack-it-in-1000-years passwords that are
all different.

I have them written down long hand, but I think the chance of an arbitrary
burglar making it through my dog, alarm system, up stairs to my office, then
ignoring my 5 monitors and 3 nice computers in favor of a nondescript stack of
papers on a book shelf, then getting away with said papers, and using them to
break into my bank accounts seems kind of far fetched. Call me crazy.

~~~
cookiecaper
Also, if your house burns down, you're screwed or something. You should keep
them in an encrypted file that you also uploaded to your web server or email
or something. And you should probably memorize a couple master passwords --
long, strong passwords for your secret key and your email.

~~~
pmichaud
Luckily one of my talents that happens to not be useless (unlike most of
them...) is memorizing long strings of arbitrary digits. I could still get
into most of my accounts. In any case, there's password recovery.

------
nixy
"password" is one of the most common passwords -- not on the list though.

------
socillion
Everyone thinks of their password when the "How can I prevent being hacked?"
comes up. What everyone forgets is _password recovery_. 'Hacking' as done by
Anonymous and other people today usually involves resetting the email
password. It's amazingly easy to find answers to questions such as "Where was
my honeymoon?" or "What's my mother's maiden name?". Once the email account at
yahoo, gmail, hotmail or elsewhere - all of which have a process to reset
passwords - is cracked, all the other accounts linked to the email can be
taken over. Remember Palin? Because of the above, I always set the recovery to
a ~32 alphanumeric string, and the question to an insulting statement.

------
yan
Reposting from other passwords thread as I feel it's relevant here also:

Why do people insist on having short (<12 chars) overly complicated passwords?
The passphrase: "totallysecretpasswordthatyoullneverguess" (or other
similarly-long phrase) serves as a much more secure pass-phrase than the
hodgepodge of non-alphanumeric characters people suggest that good passwords
are and is far easier to remember. The only impediment to decent passphrases
are services that limit how many characters your password can be.

~~~
reduxredacted
It was worth the repost.

I don't understand sites that have serious length limitations on passwords. I
recall Amex had an 8 character limit last year when I had an account with
them.

Passphrases + randomly generated passwords via KeePass or Password Safe is the
way I go.
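
An added example, not part of the original thread, that puts rough numbers on the passphrase-versus-short-password comparison in this subthread. The word list, the 10,000-word attacker dictionary size and the 8-character sample password are assumptions made for illustration.

```python
import math

# Constructed mini-wordlist so the segmenter has something to match; a real
# attacker dictionary is far larger, which DICT_SIZE (an assumption) models.
WORDS = {"totally", "secret", "password", "that", "youll", "never", "guess"}
DICT_SIZE = 10_000  # assumed size of the attacker's word dictionary

def charset_size(pw):
    """Size of the smallest standard character pool that covers pw."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33  # ASCII punctuation + space
    return size

def brute_force_bits(pw):
    """log2 of the keyspace for a character-by-character search."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))

def min_words(pw):
    """Fewest dictionary words that concatenate to pw, or None (DP segmentation)."""
    best = [0] + [None] * len(pw)
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end].lower() in WORDS:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[len(pw)]

def estimated_bits(pw):
    """The attacker uses the cheaper model: per-character or per-word guessing."""
    bits = brute_force_bits(pw)
    n = min_words(pw)
    if n is not None:
        bits = min(bits, n * math.log2(DICT_SIZE))
    return bits

if __name__ == "__main__":
    for pw in ("x7#Qp!2z",  # constructed 8-character mixed password
               "totallysecretpasswordthatyoullneverguess",
               "password"):
        print(f"{pw!r}: ~{estimated_bits(pw):.1f} bits")
```

The per-word figure assumes each word is chosen independently at random; words in a natural phrase are not, so treat it as an upper bound for the passphrase.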

------
known
A Google search for

    allinurl:passwd.txt site:.com

gives 320 results.

~~~
passssss
allinurl:passwd.txt slicehost.com

------
fondue
123456? That's amazing, I've got the same combination on my luggage!

~~~
dkokelley
+1 for the Spaceballs reference.

<http://en.wikipedia.org/wiki/Spaceballs>

------
gtani
<http://www.eribium.org/wp-content/uploads/2007/01/common_passwords.txt>

<http://www.newscientist.com/blog/technology/2008/05/confess-your-most-insecure-password.html>

<http://geodsoft.com/howto/password/common.htm>

------
agegelabs
Great article!

"Because of retarted script kiddy teenagers and nigerians that fancy
themselves hackers using prebuilt trojan software"

\- It was not necessary to single out Nigerians and I'm not sure what it added
to your great piece on common passwords.

------
darose
"My opinion on an Ideal password ... Memorize it once, use it forever."

Just about the worst password advice someone could possibly give. Hack
someone's password once, and you've got access to all their accounts
everywhere.

------
rimantas
My favourite password: passphrase. Something like "some easy to remember
phrase. With some punctuation and 1 or 2 numbers!" Either this, or derivative:
"setrp.Wspa1||2n!".

~~~
quant18
In my previous job they usually advised us to use an acronym/initialism
derived from some phrase which would be memorable to us. I dunno how secure it
was. For one thing I'd bet 90% of the people had the substring "wtf" in there
somewhere. Or "Ihmfj" (I hate my f\*\*\*ing job). Plus a few numbers.

~~~
pavel_lishin
I'm betting [bossname]sucks was a popular one.

------
lurkinggrue
Moore's Law and Password Cracking:
<http://www.flickr.com/photos/changa_lion/3383711753/>

------
fnid
This is why storing plain text passwords is evil.

------
blang
no 'test'? it can be typed all with your left hand, while keeping your right
on the mouse.

