Passwords only an idiot would use...

Posted: 03 Nov 2012 23:08
by Dust
http://arstechnica.com/information-tech ... st-common/
Burnett did an analysis of 6 million username and password combinations last year, and found that 91 percent of users had used one of the 1,000 most common passwords—with 99.8 percent using a password from the 10,000 most common.
Here's the ranking of the top ten most popular ones:
1 password
2 123456
3 12345678
4 abc123
5 qwerty
6 monkey
7 letmein
8 dragon
9 111111
10 baseball

Isn't it depressing? :/

Re: Passwords only an idiot would use...

Posted: 04 Nov 2012 01:25
by shiftnshape
OMG how did you get all my passwords? Only kiddig, and people wonder why they have stuff stolen all the time.


Oops, noticed my n wasn't working.

Re: Passwords only an idiot would use...

Posted: 05 Nov 2012 10:03
by MindyMcfly
People using the same email / login name & password for everything is bad too. Knew a few people who signed up for stuff using email and the same password for their email account and wondered why they were sending out spam mail.. lol

Re: Passwords only an idiot would use...

Posted: 06 Nov 2012 10:37
by Tiel
I just don't register for every fricking site that demands a log-in from me. It's annoying how many demand this.
I have a special mail address for bullshit sites and spam that I register everything on, the fact that those passwords match I don't really care so much about. As long as the email pass is different.
I believe that phpBB stores them encrypted with salt, so I'm not too worried that Dust finds out mine :)

My passwords are a bunch of random chars, at least 12 digits. Just memorized it before I started using it. I don't like to rely on password tools like LastPass, but it can be very handy and I recommend it for idiots who use simple passwords.

Re: Passwords only an idiot would use...

Posted: 06 Nov 2012 11:51
by MindyMcfly
Problem is that more and more things are relying on user name/passwords and server side authentication.

In order to play Max Payne 3 - I needed Steam login and Rockstar pass to play, same with From Dust, GTA4 etc.. etc..

Re: Passwords only an idiot would use...

Posted: 06 Nov 2012 19:46
by Dust
At the moment I use a few highly secure passwords (12 to 16 random characters), but not one per account, there are just too many of those...

I try to tier them into groups: One password for high-value encryption and system login, one password for online banking, one password for forums, one for throwaway stuff. Ideally, I'd use a tool like LastPass, but I can't bring myself to rely on something like that yet...

Re: Passwords only an idiot would use...

Posted: 06 Nov 2012 22:17
by Gyon
I just write them down on a spreadsheet..... Email one stays in my head, mind. Bank ones impossible to remember or count without having to write it down. That one kept in an even less secured place in case spreadsheet gets corrupted. Even though I am organised, I still find myself unable to log on places as I don't remember the password. I totally hate this pw culture. Honestly, who can remember 150 pw at any given time?? Enough to deal with the day to day ones...
Dust, invent something else to replace passwords please :)

Re: Passwords only an idiot would use...

Posted: 07 Nov 2012 09:29
by Tiel
For banking no one has a password in Holland. Authentication is either with SMS or a bank card reader.

Re: Passwords only an idiot would use...

Posted: 07 Nov 2012 10:56
by MindyMcfly
Some banks use password and pin protection or send a usb card reader.

Biometrics is still being pushed as a replacement for passwords, scary thought that some scabby website could keep info on your thumb print or iris. :?

Re: Passwords only an idiot would use...

Posted: 07 Nov 2012 16:34
by Dust
Biometrics and SMS verification are stupid as first factor. For biometrics, how do you possibly prevent copying? What happens if someone leaks your biometrics? (Which happens with passwords with great regularity...)
SMS is almost as bad; they are easily sniffable and fakeable.

My bank uses a password and a one-time use code. Others here use RSA Tokens like we use for WoW, or smart cards with query-response code generation. SMS as second factor instead of a one-time-use code exists, but I don't think it's secure. And it certainly cannot replace a first factor.

Re: Passwords only an idiot would use...

Posted: 20 Mar 2013 22:33
by Dust
Seems the password list was put to good use :)

Someone built a gigantic 400k node botnet just from machines with user account admin or root and password admin or root, respectively... and scans the internet with it :)

http://internetcensus2012.bitbucket.org/paper.html
http://arstechnica.com/security/2013/03 ... addresses/