Top 25 passwords

[Smoblikat]

Mustang................guilty

 

[alkemyst]

ashley? Who the hell uses "ashley" as a password?

being it was the most popular kid's name for a while, duh.

Hacker rules 101...try spouse/kid/pet names first.

 

[alkemyst]

But trustno1 is a phrase. Those are supposed to be unbreakable!

Not sure if sarcastic or not...immune from dictionary attacks but not brute force. 8 character passwords aren't extremely difficult for bot nets to attack.

 

[Rudee]

childrens and pets names are on the top of the list as well.

 

[JujuFish]

Not sure if sarcastic or not...immune from dictionary attacks but not brute force. 8 character passwords aren't extremely difficult for bot nets to attack.

The sarcasm was palpable in that post, and trustno1 is not immune to dictionary attacks, since any password dictionary that doesn't have the most common passwords would be pretty pathetic.

 

[AmdEmAll]

admin is always the best

 

[0roo0roo]

http://arstechnica.com/security/2012/08/passwords-under-assault/

 

[datalink7]

Don't forget god. System operators love to use god.

http://www.youtube.com/watch?v=0Jx8Eay5fWQ

 

[Sluggo]

Looks like I am still safe with password2

 

[lothar]

I always use the phrase "letmeinyouidiot".
Yup, that's my password.

 

[alkemyst]

popular 3-5 character passwords are no longer common as many have gone to at least a min. of 6 and usually 8 characters. My passwords for secure sites are usually phrases of none dictionary words and 15 characters or more.

 

[JoeyP]

I would have thought leet would have been in at least one of those. Like P@55w0rd

 

[sourceninja]

I use lastpass and most of my passwords are unknown to me and at least 32 characters (or the limit for a site if the limit is lower).

My lastpass password is pretty complicated phrase of words, numbers, mixed character types and multiple languages.

I think pass phrases are better than passwords. It's hard to guess, easier to remember, and has higher entropy.

Look at the password "Ippon and Yuko are Judo scores." which seems very simple until you think of what would be required to brute force it. You would need to know the number of words in the phrase, the languages used in the phrase (2 here), the use of capitalization (or not), if it contains punctuation, etc. Remembering this is easy. I like judo and those are two kinds of points you can score in a match.

 

[ViviTheMage]

I use sentences with 2-3 words for my passwords now, it is just easier to remember and much much harder to crack.

 

[clark25]

ashley does.

for christ sake, ashley uses 'michael' and michael uses 'football'.

 

[Pardus]

I use Dichlorodiphenyltrichloroethane - no one can spell it , most don't even know what it is

 

[JoeyP]

Someone ought to invent a keystroke capture device that fits on your keyboard. When prompted to enter your password, press your finger on its biometrics reader to have it capture, enter the password, and then press the same finger to store it.

Especially at work, where you may have different accounts not using LDAP, this could authenticate for you. You'll just have to remember which finger is linked to which password. You can always knuckle in the password anyway.

 

[disappoint]

I always use Anaphylactic. No one knows how to spell it.

I'm shocked.


(booo! boo!)

 

[SagaLore]

article link?...

 

[Imp]

But trustno1 is a phrase. Those are supposed to be unbreakable!

If they bothered to spell out the one and capitalize any letter but the first one, it'd be unbreakable...

 

[shortylickens]

People need to start using
dickscarf
douchecanoe

 

[sourceninja]

Someone ought to invent a keystroke capture device that fits on your keyboard. When prompted to enter your password, press your finger on its biometrics reader to have it capture, enter the password, and then press the same finger to store it.

Especially at work, where you may have different accounts not using LDAP, this could authenticate for you. You'll just have to remember which finger is linked to which password. You can always knuckle in the password anyway.

You could also get your company to setup a identity vault and just sync all your accounts. (I'm in the middle of a project doing just that now).