Worst Passwords Of 2015

5JyB2fAeLQ2zmSWz3K8XS5MaSYdqsxM23d87aE4Q9tVLkwLShyzuEcsEEib5Hzxx1FRJReY7WgsDWraxn9FHh7bmPbS3DkDC31rbo2Wu8tUbb45JooDyfnz23cnRL8YUjPtBPmX8n559pGVbHxn4FcS4ZqLToKcRi1D7Phq72EnZDXrs3GqV7hd3SpykiKUAy2LXBf2Zxx6

This is a password.
 
Well, looking at passw0rd rising quickly, we can safely say that systems that enforce at least one number in the password are doing a good job :D
 
ironSaharashooktrolladvisor

This is a usable password.

DidMushroomsWithGrandpa
IDoLikeThemBerries

In the case of debit card PIN numbers, I ignore the numbers, honestly I wouldn't recall the number without looking at the card. I use my year of birth and just pick the first digit from the card number, then the ninth and so forth.
 
This is a great list for me to brute force hack my coworkers' computers.
 
I must really be good at picking passwords, most of mine are in the top 10 :)
 
I think the people who still use 123456 and 'password' must be people with bad memories
 
Someone else taught me to take the first letter of a phrase and make it a string. Maybe a lyric from a song you like. Take Lucy in the sky with diamonds = lsdwd45. Pick some random number combination to add some difficulty. It's hard to hash out one of these, the last time I looked.


Passwords are only as good as the system security around the rest of the system.
 
I just use whatever password they have on the post it note under the keyboard. If it's not password7, I try password8 and it usually works. :D

I'm guilty of some bad passwords... If it requires a good password, I'll use one. If it's some account not tied to anything, I'll use the same one I use for other non-essential accounts.
 
This is a great list for me to brute force hack my coworkers' computers.

Or you could just use a remote hash extractor and bring the hashes home and crack them in 10 minutes using oclHashcat.

I sleep slightly more soundly knowing that none of the passwords in the system I designed are any of these... We have a filter that disallows the top 100 most used passwords.
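An added example of a common-password filter like the one this post mentions (not the poster's system, and not code from the thread). It also rejects the variants raised elsewhere in the thread, such as passw0rd and password8, by undoing common substitutions and trailing digits before the lookup. The blocklist is a constructed stand-in for a real top-100 list, and the substitution table and function names are assumptions.

```python
import re
import unicodedata

# Constructed stand-in for a real top-100 list; entries are passwords named in this thread.
BLOCKLIST = {"123456", "password", "starwars", "secret", "love", "god"}

# Assumed table of common character substitutions to undo before lookup (not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Trailing digits and symbols, e.g. the "8" in password8 or the "7!" in Password7!
TRAILING_JUNK = re.compile(r"[\d\W_]+$")


def candidate_forms(password):
    """Return the normalised forms of a password that are checked against the blocklist."""
    base = unicodedata.normalize("NFKC", password).casefold()
    stripped = TRAILING_JUNK.sub("", base)
    forms = [base, stripped, base.translate(LEET), stripped.translate(LEET)]
    # Drop empty forms (an all-digit password strips down to "").
    return [f for f in forms if f]


def blocked_match(password):
    """Return the blocklist entry the password reduces to, or None if it passes."""
    for form in candidate_forms(password):
        if form in BLOCKLIST:
            return form
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["123456", "passw0rd", "password8", "P@ssw0rd123",
               "ironSaharashooktrolladvisor"]:
        hit = blocked_match(pw)
        print(f"{pw!r}: {'rejected, variant of ' + repr(hit) if hit else 'accepted'}")
```

An exact-match filter alone would accept passw0rd and password8; the normalisation step is what catches them.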
 
An oldie but goodie:

[Image: vsr0nGP.jpg]
 
Oh, and I've been using LastPass for the last 2 years for all my personal passwords. It's a compromise between security and ease of use. It does mean that when LastPass is compromised I need to change all my passwords (which is annoying) but it does mean that if any of those passwords is compromised on the provider's side they don't get access to anything else.

It's getting to the point where password security is getting trivial to hack, we need an option that's more secure but also easier to use. And no one has cracked that problem yet.
 
Someone else taught me to take the first letter of a phrase and make it a string. Maybe a lyric from a song you like. Take Lucy in the sky with diamonds = lsdwd45

That's an awful password. Sure a person may have trouble guessing it but the computer actually cracking passwords would have no problem.

LucyintheskywithDiamonds is actually way more secure.

19 seconds to crack vs a Septillion years.

https://howsecureismypassword.net/
 
I always liked the classic xkcd comic about passwords

Except that password doesn't have the required number or upper/lower case required by some web sites.

I prefer to take a password and then add something from the web site URL, so each password is unique.
 
Thank you for giving me more pwds to add to my pwd crack dictionary. :)
 
I prefer KeePass. No dictionary attack will work. The main limitation is stupid sites that only allow 12 characters.
 
Everyone knows the most commonly-used passwords are "love", "sex", "secret", and "god".
 
Also, secure password = 10 characters, 1+ capital, 1+ number, 1+ special character.
 
Oh, and I've been using LastPass for the last 2 years for all my personal passwords. It's a compromise between security and ease of use. It does mean that when LastPass is compromised I need to change all my passwords (which is annoying) but it does mean that if any of those passwords is compromised on the provider's side they don't get access to anything else.

Whoops, a simple phishing attack on LastPass was discovered this week.
 
I think the people who still use 123456 and 'password' must be people with bad memories

I use easy ones like that for sites I don't give a crap about.

Side note... "starwars" can all be typed with one hand!
 
My password is ******** but the forum software is clever enough to censor known passwords.
 
And seems like trustno1 and hunter2 didn't make the list this time.
 
Who else is forced to change their password at work on a monthly basis and just goes with the increasing [word][number] format?
 
Except that password doesn't have the required number or upper/lower case required by some web sites.

I prefer to take a password and then add something from the web site URL, so each password is unique.

This is really xkcd's point. What many consider "strong" passwords really are not AND people cannot use something that actually is strong because the system requires stupid things like one uppercase letter, number, and symbol. The increased complexity gained from requiring this is trivial compared to what is gained by simply using a long, easily remembered phrase.
Most humans trying to hack a password are often tripped up by maximum password attempts allowed ([H]ard|Forum included), but computers using brute force are not stopped at all by currently accepted "strong password" criteria.
 
Who else is forced to change their password at work on a monthly basis and just goes with the increasing [word][number] format?

I used to do that until they changed the policy and they got rid of the password expiration as long as our password is complex enough.
 
Everywhere you buy something or do anything needs an account. Most are single use cases with a website or store. I have tons of passwords and variants of them because everyone has different rule sets so I either have to write them down somewhere, or constantly use the 'forgot password' button every 6 months or so when I return to said vendor or site.
 
We have a system at my workplace that everyone has access to, but it is internal access only. The system is tiered so that only a few people have any sort of management access. When setting up the accounts, the IT people are using a random 8-character string of numbers, upper and lower case letters. The password is unchangeable by the users. How secure is it? Every employee has their password written down on a piece of paper at their desk!
 