
Remove my password from lists so hackers won't be able to hack me (2017) - srathi
https://github.com/danielmiessler/SecLists/pull/155
======
magnat
There was this spoofed page that looked just like a plain, unordered text file
of passwords, that intercepted ctrl-f, displayed a searchbox look-alike based on
your user-agent and generated entries to match the password you are typing, so
it looked as if your password was there. Anyone happen to remember the URL?

~~~
Shorel
Damn this is pure evil.

------
jdoliner
I don't see my password on the list, but I want to make sure it stays that
way. I wonder if they'd be willing to add a list of passwords never to be
included on any list so as to keep their users safe.

~~~
Hello71
[https://en.wikipedia.org/wiki/Russell%27s_paradox](https://en.wikipedia.org/wiki/Russell%27s_paradox)

------
mundu_wa_hinya
Reminds me of bash.org's hunter2 snip.
[http://bash.org/?244321=](http://bash.org/?244321=)

~~~
jdoliner
If you do a search in the repo you'll find that hunter2 remains a commonly
used password.

~~~
jcrawfordor
I regularly use hunter2 as the example or test value for passwords/keys. I
wonder how many other people do this, and how many times it's accidentally
leaked into production...

~~~
Camillo
It is a pretty good password. Just "hunter" is no good because it has no
digits, so of course you'd add a "1"... but wait! It's actually a 2! That's
the pro security twist the hackers won't expect.

~~~
Buttons840
It will take twice as long to crack, because hackers will have to try all
letter combinations ending in 1 first.

------
eranation
Previous discussion:
[https://news.ycombinator.com/item?id=16009459](https://news.ycombinator.com/item?id=16009459)

Also see:
[http://blog.assafnativ.com/2018/02/dolphins.html](http://blog.assafnativ.com/2018/02/dolphins.html)

~~~
shkkmo
Yes, the title should specify 2018

~~~
pc86
The page is from 2017.

~~~
shkkmo
The pull request was made at the very end of 2017 and much of the discussion
happened in 2018 (as did the blog post by the originator of the pull request
that is linked elsewhere in this thread.)

I'm not really sure what the policy is when the linked content spans the new
year.

~~~
thedaemon
Comments do not make the original post. We can have comments on some platforms
for years after the OP. I think this way seems very logical, date the OP.

------
tialaramex
This led me to look at [https://mostsecure.pw/](https://mostsecure.pw/)

To my surprise that password isn't listed by Pwned Passwords. That's much more
secure than I'd expected and I commend its creators for their outstanding
work.

~~~
danShumway
I'm a little ashamed that it took me about 30 seconds of staring at this page
before I refreshed it and actually got the joke.

Good reminder to be careful using/trusting password generators online.

------
sysashi
This was funny, liked the comments as well!

(not sure if serious discussion is expected here, so I will leave my useless
comment as is!)

------
pseudosavant
So long and thanks for all the fish.

------
RcouF1uZ4gsC
> To add on to the translation of the idiom, that phrase literally means
> writing a sign that says "I did NOT bury 300 grand in this spot"

Awesome idiomatic phrase!

------
TimTheTinker
Thanks for posting this. I'm having a good laugh ... there's a lot of good
humor in the comments on that issue.

------
sdan
Got to change my HN password from "dolphin" now. Can't believe they figured it
out!

~~~
jspash
I changed mine to dolphin2. Better safe than sorry.

~~~
diminoten
Liar!

------
gojomo
A pull-request is the wrong way to demand removal of personally-compromising
information.

If he instead routes his request to GitHub’s GDPR compliance department, it
will be illegal for them to refuse the deletion.

~~~
alanfranz
It was a joke. Pure trolling from a security researcher.

~~~
gojomo
Indeed, but your joke detector needs further tuning, as it is only running at
50% accuracy in this thread.

~~~
alanfranz
Yep, I didn't get it. But I swear I didn't downvote you.

------
mikece
Switch to KeePassXC on your Linux/Mac/Windows machine and an app that supports
KDBX on your mobile device. For convenience, sync through iCloud or OwnCloud
or whatever makes you happiest... and use KeePass's ability to create unique
passwords on the fly for you, like this one:

{"5vb"9d"Q}+;FKy/N:)Hn3A#.'mJ$amkuWq%_pX

~~~
farisjarrah
Let me just say this:

If you need to log into your Google account on a weird touch screen
device (looking at you, Honda's Android Auto implementation), do NOT have a
super long random string password with a bunch of special characters in it. It
will make your life hell whenever you have to type it. It's much easier to type
in 8 words separated by dashes on a touch screen.

~~~
dessant
Needing to link your car to your Google account already sounds like living in
hell. ;)

~~~
farisjarrah
I was actually trying to hack the head unit and it made my life easier by
being able to log into Google Drive on the onboard browser and download some
files.

