
(Gizmodo) For the first time, "password" has been knocked off the top of the annual most popular passwords list. Its replacement: The kind of thing an idiot would have on his luggage (gizmodo.com)

Posted to Geek on 20 Jan 2014 at 10:08 PM



76 Comments
 
2014-01-20 05:47:47 PM  
I wonder if this is because so many phones use numeric-only passwords.
 
2014-01-20 05:59:17 PM  
It depends on the website how much I'll put into my password.  Some places don't need anything more than a 12345
 
2014-01-20 06:53:57 PM  
Is this the thread where we try to trick liters by saying the website automatically turns passwords into asterisks in all comments?

/never believe this one, kids
//and IOS7 does not make your phone waterproof
///slashies do, however, make you awesome
 
2014-01-20 07:11:07 PM  
HAHAHAHA....my password has always been ****************
 
2014-01-20 07:24:04 PM  
i1.ytimg.com
 
2014-01-20 07:48:47 PM  
The 25 Most Popular Passwords of 2013: God Help Us

And here I thought I was the only one who used God Help Us as his password...
 
2014-01-20 08:17:59 PM  
you know what I REALLY WANT?
I want the asterisks to go away,
At least always give me the option.
ESP on my damn phone FFS.
 
2014-01-20 08:23:50 PM  
A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.
 
2014-01-20 08:39:28 PM  

make me some tea: A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.


which company?
/just asking
 
2014-01-20 08:42:06 PM  

namatad: make me some tea: A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.

which company?
/just asking


mmhmm
 
2014-01-20 08:57:16 PM  
I only use two passwords (or variants of such if the site requires).

The first is simple and is used for stuff like Fark that has no real effect.

The other is complex and is used for places like Amazon and other sites that carry information like my SSN or credit card numbers.
 
2014-01-20 08:57:56 PM  
I see those complexity rules are really working.  Let's all agree to switch to the "at least one letter and at least one number" rule vs. just the "at least one number" rule.  Give abcd1234 a chance!
 
2014-01-20 09:02:00 PM  

thisdaydreamer: Is this the thread where we try to trick liters by saying the website automatically turns passwords into asterisks in all comments?

/never believe this one, kids
//and IOS7 does not make your phone waterproof
///slashies do, however, make you awesome

 Press ALT-F4 to get a month of free AOL.  Sometimes their firewall catches the hack and shuts down the connection though, so you might have to try more than once.
 
2014-01-20 09:24:26 PM  

ArkAngel: I only use two passwords (or variants of such if the site requires).

The first is simple and is used for stuff like Fark that has no real effect.

The other is complex and is used for places like Amazon and other sites that carry information like my SSN or credit card numbers.


I have a rotating set of them, stuff that has barely any ties to anything obvious.  What really screws with people is answering security questions in a funky way.  For example, if it asks for grandmothers' names, I use their actual birth names and not what they were actually called (One was French so she had a baptismal name, and one's name is from a relatively obscure opera.)
 
2014-01-20 09:25:49 PM  
I've only been using one for about 3 years, and I honestly don't know how I lived before that without a password manager (KeePass, LastPass, 1Password... whatever works for you).  I've got at least 200 passwords for different things, all distinct, all complex/random, and, more importantly,  I never forget one.
 
2014-01-20 09:57:08 PM  

serial_crusher: I see those complexity rules are really working.  Let's all agree to switch to the "at least one letter and at least one number" rule vs. just the "at least one number" rule.  Give abcd1234 a chance!


Actually, "Abcd1234" is acceptable.

They should put into the password policy algorithm a detection for sequential ASCII characters.
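
Added example, not part of the original comment: one way the sequence detection suggested above could sit next to a composition rule, so that "Abcd1234" passes the complexity check but is still rejected. The threshold `MIN_RUN`, the keyboard-row list and all function names are assumptions of this sketch.

```python
# Added example: sequence detection for a password policy check.
# MIN_RUN and KEYBOARD_ROWS are assumptions of this sketch, not a standard.
MIN_RUN = 4
KEYBOARD_ROWS = ("qwertyuiop", "azertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def meets_complexity(pw):
    """Typical composition rule: length >= 8, upper, lower and digit present."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))


def longest_ascii_run(pw):
    """Longest run of consecutive code points, ascending or descending."""
    s = pw.lower()
    if not s:
        return 0
    best = cur = 1
    direction = 0
    for a, b in zip(s, s[1:]):
        step = ord(b) - ord(a)
        if step in (1, -1):
            cur = cur + 1 if step == direction else 2
            direction = step
        else:
            cur, direction = 1, 0
        best = max(best, cur)
    return best


def longest_keyboard_run(pw):
    """Longest substring that follows a keyboard row, left-to-right or reversed."""
    s = pw.lower()
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    best = 0
    for i in range(len(s)):
        for j in range(i + best + 1, len(s) + 1):
            if any(s[i:j] in row for row in rows):
                best = j - i
            else:
                break
    return best


def check(pw):
    """Return the reasons a password is rejected (empty list = accepted)."""
    reasons = []
    if not meets_complexity(pw):
        reasons.append("composition")
    if longest_ascii_run(pw) >= MIN_RUN:
        reasons.append("ascii-sequence")
    if longest_keyboard_run(pw) >= MIN_RUN:
        reasons.append("keyboard-sequence")
    return reasons
```

A check like this only catches runs; it complements a blocklist of common passwords rather than replacing one.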
 
2014-01-20 10:13:12 PM  
came for scroob.

/leaving before snotty tries to beam me up.
 
2014-01-20 10:13:41 PM  
I use my basic password everywhere important but append it with the service I'm using. So my password at Gmail becomes "passwordgmail" etc. I'm sure it wouldn't help if someone fed that scheme into a brute force attack, but in day to day operations it stops someone from getting one of my usernames and passwords and using it to crack everything I use.
 
2014-01-20 10:19:20 PM  
Everyone knows the real top 4 is "love", "secret", "sex" and "god"

mimg.ugo.com
 
2014-01-20 10:19:50 PM  
12. Admin (New)
16. 1234 (New)


It's like the people compiling the list suddenly discovered wireless router product manuals or something.
 
2014-01-20 10:31:00 PM  
I try to use song lyrics. Easy to remember, long enough to make it harder for breaking. Though some places this doesn't work because they mandate they be under a set character size. But for work I use a 50-60 character one.
 
2014-01-20 10:31:26 PM  
Once I started at a new company and managed to get the network hacked by setting my password to "1BigPassword"

What? I was nervous, the password creation rules were too stringent to accept my usual passwords, and I didn't want to look like an idiot by forgetting my new password the very next day.

I guess I looked like an idiot regardless, so it's kind of moot.
 
2014-01-20 10:39:12 PM  
17346732476CHARLIE32789777643TANGO732VICTOR73117888732476789764376
 
2014-01-20 10:46:55 PM  

Mrbogey: I try to use song lyrics. Easy to remember, long enough to make it harder for breaking. Though some places this doesn't work because they mandate they be under a set character size. But for work I use a 50-60 character one.


heyijustmetyouandthisiscrazybutheresmynumbersocallmemaybe?

/57 characters, it fits
 
2014-01-20 10:47:56 PM  
imgs.xkcd.com
 
2014-01-20 10:55:12 PM  

Nightjars: [imgs.xkcd.com image 740x601]



I've always wondered if that was reduced to a standard Oxford dictionary attack, how it changes the math.
 
2014-01-20 10:56:24 PM  
23. azerty (New)

This actually sounds like a lazy IT person's (note: not "IT professional's") idea of a "safe" password.  i.e. take a common word or phrase and switch a couple of characters around.

/First password was 1233210
//Now follow xkcd's rule
 
2014-01-20 11:11:20 PM  
my password is "incorrect" that way if i forget or type it in wrong the computer will tell me my password is incorrect.
 
2014-01-20 11:12:30 PM  
i63.photobucket.com
 
2014-01-20 11:14:32 PM  
TheZorker: I've always wondered if that was reduced to a standard Oxford dictionary attack, how it changes the math.

So, the OED is ~300k stem-words (leaving out a lot of plurals, conjugated verbs, defined but relatively loose compounds, etc).  I'll stick with that estimate, although I'd use some shorter conjugated verbs over the really long and hard-to-spell obscure words.

So, 18 bits of entropy per truly random word. 4 OED words is thus ~2^72 (72 bits).  This is roughly equivalent to 11 random typeable (upper/lower/number/punctuation) characters.  Let's just say... this beats the pants off of 99.9999% of mentally generated passwords.

Personally, I like the related 'diceware' method.  Roll a die 5 times and get a number like 44521.  There's a standard list of short words that translates that to 'oust'.  Do that again a few times... 'oust gas island nasal beat'.  Five of those is, verifiably, 64 bits of randomness (really pretty good), even if your attacker knows that you're using diceware, knows your word list, knows that you're using 5 words, etc.  Ten totally random characters would be equally as good... it's just that 'oust gas island nasal beat' is much easier for most people to remember and type than 2*\-mEr[aZ.
 
2014-01-20 11:20:51 PM  

make me some tea: A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.


I had that problem and had a helluva time getting them to change the pattern. Nowadays I have staff to do that for me.
 
2014-01-20 11:35:43 PM  

limeyfellow: make me some tea: A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.

I had that problem and had a helluva time getting them to change the pattern. Nowadays I have staff to do that for me.


Guilty of that sort of thing, especially on software that requires resetting the password every 90 days.  Just ratchet the number up one, then all you need to remember is what number you were at.

But I won't do that with my own personal stuff, just shiat that doesn't really matter.
 
2014-01-20 11:41:28 PM  
You can go hunter2 my hunter2ing hunter2.
 
2014-01-20 11:43:41 PM  

Bonzo_1116: limeyfellow: make me some tea: A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.

I had that problem and had a helluva time getting them to change the pattern. Nowadays I have staff to do that for me.

Guilty of that sort of thing, especially on software that requires resetting the password every 90 days.  Just ratchet the number up one, then all you need to remember is what number you were at.

But I won't do that with my own personal stuff, just shiat that doesn't really matter.


Yup.  I'm really not worried that somebody might log into the HR system and file a vacation request on my behalf.  Or that somebody log into the other HR system with a different password and report a bogus time card for some given week.  Or that somebody might log into yet another HR system and fill out my annual performance reviews for me.  Ok, you get the point.  HR doesn't have their shiat together and the rest of us suffer.
 
2014-01-20 11:53:10 PM  

serial_crusher: Bonzo_1116: limeyfellow: make me some tea: A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.

I had that problem and had a helluva time getting them to change the pattern. Nowadays I have staff to do that for me.

Guilty of that sort of thing, especially on software that requires resetting the password every 90 days.  Just ratchet the number up one, then all you need to remember is what number you were at.

But I won't do that with my own personal stuff, just shiat that doesn't really matter.

Yup.  I'm really not worried that somebody might log into the HR system and file a vacation request on my behalf.  Or that somebody log into the other HR system with a different password and report a bogus time card for some given week.  Or that somebody might log into yet another HR system and fill out my annual performance reviews for me.  Ok, you get the point.  HR doesn't have their shiat together and the rest of us suffer.


This
 
2014-01-21 12:06:21 AM  
Samsung is way guilty of this kinda thing. Yup.
 
2014-01-21 12:12:44 AM  
Sometimes my sense of humor is entirely inappropriate. Like, Archer raising his eyebrows and saying, "WTF? Phrasing!" inappropriate.
 
2014-01-21 12:16:01 AM  
If companies didn't force people to change their passwords every three months some people might be more inclined to permanently memorize a complex one.
 
2014-01-21 12:24:24 AM  
What's wrong with using Þ@§§ŵƟƦƌ?
 
2014-01-21 12:25:30 AM  

rugman11: 23. azerty (New)

This actually sounds like a lazy IT person's (note: not "IT professional's") idea of a "safe" password.  i.e. take a common word or phrase and switch a couple of characters around.

/First password was 1233210
//Now follow xkcd's rule


It's a French keyboard layout.

www.thekeyboardcompany.com
 
2014-01-21 12:31:55 AM  
In an odd coincidence, my password is 8108154
 
2014-01-21 12:34:46 AM  

make me some tea: namatad: make me some tea: A good portion of the users of a company for which I provide helpdesk have the name of the company with a 1 or 2 after it as their password.

which company?
/just asking

mmhmm


M&M?
 
2014-01-21 12:38:53 AM  

TheZorker: Nightjars: [imgs.xkcd.com image 740x601]


I've always wondered if that was reduced to a standard Oxford dictionary attack, how it changes the math.


It would take a lot less time to crack. But of course you'd have to know the password was made up of dictionary words. In other words if the password was actually 1234 it would never guess it. It's like having Zeus as your password and saying "Well if you used a standard greek god attack you'd get it within a dozen or so guesses"

/Work for a large international company.
//A PC in my department is used by lots of people for lots of common tasks, and has lots of customer details.
///Everyone knows the user name and login that is always used to log in that PC, and the password hasn't changed in years.
////The user name is a guy who hasn't worked there for several years.
 
2014-01-21 12:41:33 AM  
I usually use names of kids, grandkids or cats with numbers dropped randomly in the middle. Also old license plate numbers and phone numbers or just short phrases that are misspelled so they wouldn't really make sense to someone trying to guess what it was. I have an excellent track record for remembering all of my passwords. My wife however has to reset hers constantly because she always tries to come up with something really clever. She gets so clever they're impossible for her to remember. It's like when she puts important documents in a "safe place" and can't find them when we need them.
 
2014-01-21 12:56:25 AM  

Flint Ironstag: TheZorker: Nightjars: [imgs.xkcd.com image 740x601]


I've always wondered if that was reduced to a standard Oxford dictionary attack, how it changes the math.

It would take a lot less time to crack. But of course you'd have to know the password was made up of dictionary words. In other words if the password was actually 1234 it would never guess it. It's like having Zeus as your password and saying "Well if you used a standard greek god attack you'd get it within a dozen or so guesses"

/Work for a large international company.
//A PC in my department is used by lots of people for lots of common tasks, and has lots of customer details.
///Everyone knows the user name and login that is always used to log in that PC, and the password hasn't changed in years.
////The user name is a guy who hasn't worked there for several years.


Good advice is just to pick four words you always misspell, and then misspell them with spaces for your password.  It fails because most people misspell the same words the same way, but unless someone is using a dictionary that compensates for it, they'll have to kick over to brute force which takes a lot longer.

I also like telling people to spell words like they sound and choose at least four of them.  That's usually enough to throw off any dictionary or compensated dictionary attack.
 
2014-01-21 01:02:22 AM  

ADHD Librarian: In an odd coincidence, my password is 8108154


Not 8008135?

I had to come up with a 5 digit password ages ago for a job I no longer have. After years of using a C64, the obvious choice was 64738. Easy to remember and to type.

For those who didn't use one, the command SYS 64738 performs a warm reset on that machine.
 
2014-01-21 01:20:24 AM  

Flint Ironstag: It would take a lot less time to crack.


Again, no, it would not.  The whole point of the XKCD strip is that, by his roughly-estimated '11-bit words' (i.e., chosen from a 2048 word list), you get 2^44 (i.e., 1-in-17-trillion) odds even assuming the attacker knows your word list and password pattern.  If you assume the attacker doesn't know you're using words or is trying to guess words from a much longer list, then it's obviously even better than 2^44.

The main thing, though, is picking the words actually at random.  Not a handful of words that spring to mind.  Humans are very bad at doing anything very randomly.
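
Added example, not part of the original comments: the dice-to-word mapping from the diceware comment earlier in the thread and the "attacker knows the scheme" entropy figures from both that comment and the one above, with the random picks drawn from a CSPRNG instead of from memory. The 36-word list is constructed for the demo (two dice per word); the function names are assumptions of this sketch.

```python
import math
import secrets

# Constructed 36-word toy list (6**2 entries, two dice per word). Far too
# small for real use; a full diceware list has 6**5 = 7776 entries.
TOY_WORDS = ("acid bolt cane dusk echo fern gulf hive iris jolt kelp lamp "
             "mint nest opal pond quay reed silk tusk urn vase wasp yarn "
             "zinc arch bark clay dome elm fig glen husk ink jade kiln").split()


def roll_key(n_dice=5):
    """Simulate n dice with the OS CSPRNG; returns a key such as '44521'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def key_to_index(key):
    """Map a dice key to a 0-based list index ('11111' -> 0, base-6 digits)."""
    idx = 0
    for ch in key:
        if ch not in "123456":
            raise ValueError("dice keys use digits 1-6 only")
        idx = idx * 6 + (int(ch) - 1)
    return idx


def passphrase(wordlist, n_words, n_dice):
    """Pick n_words uniformly at random; the list must cover every dice key."""
    if len(wordlist) != 6 ** n_dice:
        raise ValueError("word list must have exactly 6**n_dice entries")
    return " ".join(wordlist[key_to_index(roll_key(n_dice))]
                    for _ in range(n_words))


def scheme_bits(choices, picks):
    """Entropy in bits when each pick is uniform and the attacker knows the
    list, the number of picks and the pattern."""
    return picks * math.log2(choices)


def equivalent_random_chars(bits, alphabet=94):
    """Random printable-ASCII characters (94 symbols) needed to reach bits."""
    return math.ceil(bits / math.log2(alphabet))
```

The bit counts hold only when every word comes from `passphrase` (or real dice); words chosen by hand carry far less entropy than the formula reports.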
 
2014-01-21 01:42:11 AM  
fbcdn-sphotos-a-a.akamaihd.net
 
2014-01-21 01:45:19 AM  

InternetSecurityGuard: 17346732476CHARLIE32789777643TANGO732VICTOR73117888732476789764376


FSMDamnit!, I read that in Picard's voice.
 
2014-01-21 01:49:18 AM  
My wife's company makes them change passwords every two months. This is obviously stupid. It wastes help desk resources and probably makes the office less secure due to people writing their passwords down. The thing I suggested she do is use one password, a short phrase, + the number of the month the password was changed in. So now even though they won't allow her to use the same password as the last 4 times she's covered as the password only repeats every six times.

Me I use a short phrase with some capitals and the number of letters in the website URL. Leads to secure passwords that are slightly different for every site. Works pretty good.
 
Displayed 50 of 76 comments