

Bad Passwords





Nick2008
If you have any of these passwords, it's probably time to change them:



Quote:

Computerworld - In a report likely to make IT administrators tear out their hair, most users still rely on easy passwords, some as simple as "123456," to access their accounts.


Tell me about it.

Quote:

A report released today by database security vendor Imperva Inc. serves as another reminder of why IT administrators need to enforce strong password policies on enterprise applications and systems.


If IT administrators are not enforcing their own password policies, then they are probably not good administrators.

Quote:

based on an analysis of 32 million passwords that were exposed in a recent database intrusion at RockYou Inc., a developer of several popular Facebook applications. The passwords, which belonged to users who had registered with RockYou, had been stored by the company in clear text on the compromised database. The hacker responsible for the intrusion later posted the entire list of 32 million passwords on the Internet.


Great, getting your hands on passwords just got easier.

Quote:

In fact, the most common password among RockYou users was "123456," followed by "12345" and "123456789." The other passwords rounding out the top five were "password" and "iloveyou."


Pretty much proves that many people still don't understand the importance of a strong password.
Aredon
Apparently they don't understand the need to encrypt stored passwords either! lol Thanks for posting, I got a good chuckle. Smile
carlospro7
These are really interesting statistics. It's kind of funny but sad. I bet a lot of people also use their first or last name as their passwords
mattyj
according to the movie Hackers, the 4 most common passwords were Love, Secret, Sex & God...None of them in the top 20 anymore
LostOverThere
Very interesting stuff. I'd never have guessed about 123456 or the likes. Though I'm really not at all surprised to see the word password being used so commonly. Wink

Quote:
according to the movie Hackers, the 4 most common passwords were Love, Secret, Sex & God...None of them in the top 20 anymore

I doubt that really ever was true. But it works well for the film.
mattyj
LostOverThere wrote:
Very interesting stuff. I'd never have guessed about 123456 or the likes. Though I'm really not at all surprised to see the word password being used so commonly. Wink

Quote:
according to the movie Hackers, the 4 most common passwords were Love, Secret, Sex & God...None of them in the top 20 anymore

I doubt that really ever was true. But it works well for the film.


Yeh i know, but fisher stevens delivers the line so well it makes me believe it Smile
nam_siddharth
mattyj wrote:
LostOverThere wrote:
Very interesting stuff. I'd never have guessed about 123456 or the likes. Though I'm really not at all surprised to see the word password being used so commonly. Wink

Quote:
according to the movie Hackers, the 4 most common passwords were Love, Secret, Sex & God...None of them in the top 20 anymore

I doubt that really ever was true. But it works well for the film.


Yeh i know, but fisher stevens delivers the line so well it makes me believe it Smile


After looking at the sample of passwords, I am almost sure that the minimum password length required on that website is 6 characters. Only "Secret" matches the minimum requirement among the 4 you have posted.
nam_siddharth
Nick2008 wrote:
If you have any of these passwords, it's probably time to change them:





I doubt the result. For example "Qwerty" cannot be more frequent as password than "qwerty". Caps lock cannot be ignored in the case of password.
hunnyhiteshseth
One reason why people set easy passwords is because they assume that they do not need security for that particular application and it is just a regulatory thing that they need to do, so they try to make it as unintrusive and as fast as possible, leading to these easy to remember or type passwords.
joostvane
Many of my friends use simple passwords. It goes from 123456 to chocolat or something similar. I told them they should change it to something safer, but it would 'take too long for them to type' and the horrible risk that it could be wrong the first time and have to try again...
Baka_Desu
i usually use passwords with both letters and numbers (and sometimes symbols), but my sister uses simple passwords such as angel, chocolate etc.
deanhills
I always argue with myself, why would anyone want to get into my mailbox? I can't think of anyone who would be that interested to read my e-mails. I used to be really bad in using a single name of a philosopher that I liked for my password, but over the last few years have added numbers and underscores. Bit of a bother.
airh3ad
I used combinations like numbers and letters, 9 characters, for the safety of my emails and my personal computer. They said a bad password may allow someone to use your account and therefore to use, modify, corrupt or destroy any of your files or any files that you are allowed to modify.
Others said don't use a password shorter than eight characters or with only alphabetic characters or only digits. Maybe I'm safe.
Nameless
Randomly generated mixed case and special twenty character long passwords stored in a secure offline password-safe style application controlled by a single memorable but still pretty much unguessable master password FTW.
deanhills
airh3ad wrote:
they said bad password may allow someone to use your account and therefore to use, modify, corrupt or destroy any of your files or any files that you are allowed to modify.
Thanks for the info. I have a question, if they should manage to crack the password of any of my e-mail accounts, say Yahoo or Hotmail, would they be able to access my computers through my e-mail accounts, i.e. like with writing a code?
[FuN]goku
For me, My passwords are usually 8-12 characters, letters/numbers (sometimes special chars) , upper/lowercase. Pretty much every service I use has a different password, with the exception of a few things.

For things like hard drive/jump drive encryption, I'll usually use fairly long passwords. They COULD be guessable, assuming you knew me well enough. Usually, they're just random phrases I find. Could be from a song... Poem... Book. or maybe even a quote, or maybe even a combination of these.



@deanhills - The whole idea of someone getting into your email, consists of a few things.

1) They can read your emails , maybe to gather knowledge about you, find out certain things about you, and try to impersonate you. (Can tie in with social engineering)

2) It can give them access to other services that you might use. For example, suppose someone here on Frihost breaks into your email. Once they're into your email, what they can do is use the 'Forgot Password' feature. This feature varies for different sites.. Some use email/user combos before an email will send... some use email/secret question-answer etc.. But most forums just use email.. What it will do is, you provide it the email, server-side it checks the database and selects the user that has that email, and sends you an email with a password-reset link. (Though some sites send you the actual password), but mostly forums do not send you the password itself, because it is nearly impossible to, since the passwords are stored in the database as an md5 hash. (It's not crackable, but it's possible to 'brute force' or 'try every possible combination')

But as far as anyone accessing your pc goes. This isn't really possible unless they place an email in your inbox with a trojan or something, and then you actually run it. Alternatively, if you have some sort of remote access software running, and you sent someone an email with the password to it, it might have saved in a 'drafts' folder or something, and they might have access to it, but very unlikely.
Denvis
Ahahaha! abc123 omg I use that whenever I seriously just can't be bothered thinking up a password.
hunnyhiteshseth
[FuN]goku wrote:
For me, My passwords are usually 8-12 characters, letters/numbers (sometimes special chars) , upper/lowercase. Pretty much every service I use has a different password, with the exception of a few things.

For things like hard drive/jump drive encryption, I'll usually use fairly long passwords. They COULD be guessable, assuming you knew me well enough. Usually, they're just random phrases I find. Could be from a song... Poem... Book. or maybe even a quote, or maybe even a combination of these.



Whoa! Hey, what kind of work do you do that you need hard drive encryption too!
ProfessorY91
deanhills wrote:
I have a question, if they should manage to crack the password of any of my e-mail accounts, say Yahoo or Hotmail, would they be able to access my computers through my e-mail accounts, i.e. like with writing a code?


Hmmm. There is very little that's impossible in hacking... I'd say that there isn't really a relationship between getting into your email and getting into your computer, other than searching through your emails for more information about your computer. If you use a IMAP client like MS Outlook, Thunderbird, Entourage, they could check the settings of your email and locate your computer's IP, etc... at which point they can power through whatever open ports you have, etc. Basically, a firewall would help at that point.

As for the whole password discussion, any password hacking software worth its salt (see Ophcrack) will have rainbow tables based on information like this. By using numbers, symbols, and letters and making a nonsensical password over 15 characters long, you're pretty much guaranteed security - unless the douches that keep track of the information don't keep passwords encrypted.
Asap170
That's pretty funny! What about the passwords, "Love" "Sex" "God" "Secret" (those 4 are from the movie "Hackers")
[FuN]goku
hunnyhiteshseth wrote:
[FuN]goku wrote:
For me, My passwords are usually 8-12 characters, letters/numbers (sometimes special chars) , upper/lowercase. Pretty much every service I use has a different password, with the exception of a few things.

For things like hard drive/jump drive encryption, I'll usually use fairly long passwords. They COULD be guessable, assuming you knew me well enough. Usually, they're just random phrases I find. Could be from a song... Poem... Book. or maybe even a quote, or maybe even a combination of these.



Whoa! Hey, what kind of work do you do that you need hard drive encryption too!

Well, It's not exactly work.. I carry my thumb drives and my external hdd back and forth to school with me, and aside from any school work I have on there... I have important coding files (No, I don't work for any software company, it's personal coding.) and other stuff I don't want people getting into, supposing I were to lose my drive or something.

So I just use TrueCrypt, and put my moderately important files in the Encrypted Partition, and then my REALLY important files I put in the "Hidden Partition" (Go check out TrueCrypt for more information). Then I just use a really long password as I mentioned, and use something like AES-Twofish-Serpent encryption with a SHA-512 hash algorithm.

Iunno... Mostly just security paranoia. I never let anyone use any of my computers, cuz I don't like people going through my files.
Insanity
Maybe those passwords are for bots or whatnot that are simply fake accounts made for the purpose of something and they needed an easy password that was easy to remember and they didn't think much of security... just my two cents.
todabeat
Haha, I would have guessed that the number one would be PASSWORD. It's like when they tell you NOT to use your last social at a bank for your PIN, and your birthdate

and it's amazing how people still do it.
Magicman
I'm not surprised that people use such simple passwords because they don't realize how important the security of their accounts can be. They probably don't think that anyone would ever want to hack into their accounts. It is always a bad idea for a company to have the passwords in a database unencrypted.
missdixy
Lol @ QWERTY. who woulda thunk!
Ghost900
I have used some of those passwords before. I also have used qazmlp or plmokn as they are also easy to remember. When it comes to my bank account I use something hard (hardpassword2010) but when I wish I didn't even have a password then it will be easy (qwerty) as I could care less if some hacker gets into my xyz account as the only reason I have an account is so I can make comments so it is not exactly something I care to have hacked. The only info they will ever get is my email which is an outdated one. I think these bad passwords are high for that reason. Very Happy

No I don't use the given passwords anymore.
lanalhueairsoft
Create a strong password with numbers, letters and special characters.
guissmo
mattyj wrote:
according to the movie Hackers, the 4 most common passwords were Love, Secret, Sex & God...None of them in the top 20 anymore


They wouldn't be acceptable since most passwords should at least be 6 characters long.
mtorregiani
Oh no!!
I'm currently using 123456 here at frihost...

I better change it for something more difficult, with letters... maybe qwerty ...





Just Joking Laughing
Aredon
hunnyhiteshseth wrote:
One reason why people set easy passwords is because they assume that they do not need security for that particular application and it is just a regulatory thing that they need to do, so they try to make it as unintrusive and as fast as possible, leading to these easy to remember or type passwords.
I'd say it's that and somewhat the mindset of "it won't happen to me" or "my password is so easy no one will think to guess it!". We'll rationalize anything to make ourselves feel better.
metalfreek
I think most people don't take their password seriously. You should face some incident and only then one realizes the importance of password. I realized its importance when my site was hacked only because I had kept a password so easy that even a child could have guessed. Anyway now my password is really strong and here are some tips that you might find helpful when it comes to protecting your password.

http://www.crazyblogger.info/internet/how-to-protect-your-online-password/
Radar
There's some balance though between using the same password for everything, and having too many to remember. Between gibberish that's hard to recall and plain English words.

Don't know where exactly, but there's a balance. Maybe just different for different people.
crimson_aria
maybe those passwords are for accounts people are not really bothered with? I use simple passwords for those kind of things.
ankitdatashn
carlospro7 wrote:
These are really interesting statistics. It's kind of funny but sad. I bet a lot of people also use their first or last name as their passwords


Yes, I also second you on that. Once my account also got hacked. And the reason for getting it hacked was because the hacker was a close friend of mine. He had all the information needed to hack the account.

I also would like to say: don't make your accounts hacker proof but "friend proof". If you can get it "friend proof" then you can be quite sure that you have made it "hacker proof" as well. Smile

And yes, if you are an administrator then don't use the passwords as shown in the first post of this thread, else be prepared to be hacked in advance Razz
goutha
A combination of some letters, numbers and punctuations in a meaningful way with at least 10 characters and you'll get a powerful password which is also friend proof.
soljarag
yay! im safe ... 1234567 isn't on the list
cr3ativ3
Aredon wrote:
Apparently they don't understand the need to encrypt stored passwords either! lol Thanks for posting, I got a good chuckle. Smile


Lol, that's for sure... People running these experiments/analyzing the data should learn a lil something Razz
milleja46
You know what? More and more things like this prove we are NOT safe online and that we need to learn how to protect ourselves there are other sites that prove this, but this topic is a good proof of this.

Edit: and if you had been on hyruleonline.net/comunity before the forum redo you would find that it had been done. The forums had totally been screwed up, and you couldn't post unless it was approved by the admin.
iman
I found something in an anime site.
Some of their more common passwords are:

Quote:
1. 123456
2. password
3. qwerty
4. dragon
5. 123456789


I have no idea why dragon is on the list.
milleja46
Again this proves that people don't know how to set their accounts up securely so they are not compromised later on.
chatrack
Thanks for these nice statistics.

I just wonder how many people trust 12345 as a password.
My friend who is a computer expert uses "password" as password Smile

I would like to hear about the most complicated password used.....
jabce85
haha, those are absolutely terrible passwords.... and yet people still use them for even their most sensitive accounts
milleja46
If you want a tough password look at the ones for a school's online textbooks, mine are pretty tough to guess. Just random combinations
belo-dc-laptop
Aw that reminds me of my older brother. Tsk tsk tsk. He must learn how to create an effective password.
milleja46
I think there should be a short 3 wk class everywhere about creating a perfect password
greeneyedtaxi
i am deeply hurt by this thread. Razz

i have done this terrible password thing a few times. however, i do things such as changing cases and adding extra characters.
deanhills
milleja46 wrote:
If you want a tough password look at the ones for a school's online textbooks, mine are pretty tough to guess. Just random combinations
That has to be hard. Unless you could get your computer to save the password for you. I got those for my Frihost Website, as well as my Internet Provider. I know I can change them, but in my experience it is usually better to stick with the ones you get as there is always documentation that has the original password in it, whereas it is easier to lose new ones that I have created.
Helios
I currently remember more than a dozen random passwords... better than any safe Very Happy

There are techniques to remember practically anything for a lifetime. I find it easy to remember arrays of letters and numbers by repeating them loudly several times and by saying them in a certain way... another good technique is using "1337 speech" for construction of what will look like random characters and numbers to any hacker, for instance T/\k3g/\rb/\g30uT is a pretty strong password which says Take Garbage Out, but the only thing you have to remember is to use capital T's, /\ for A, 0 for o and 3 for e. Using that code you can construct lots of long and strong passwords, yet remember them easily enough not to have some sort of an "offline safe guarded by a master password" or something like that.
deanhills
Helios wrote:
Using that code you can construct lots of long and strong passwords, yet remember them easily enough not to have some sort of an "offline safe guarded by a master password" or something like that.
Now this sounds like an awesome idea. Last week I was almost tripped up with an e-mail address that I had to type and that I could not copy and paste. It had something just like that. Instead of an "o" it was an "0", which of course is just the wrong thing to have for a log-in. But right on for a password.
BROCK22
thanks for the link. i'm glad my password fits the criteria
Starrfoxx
The best tip for passwords are lower and upper case, a number, and a special character. that's what they make us use at work, anyway.
guissmo
milleja46 wrote:
I think there should be a short 3 wk class everywhere about creating a perfect password
Haha. Well that would make everyone use the same style of choosing, now wouldn't it? Lol.
Hogwarts
guissmo wrote:
milleja46 wrote:
I think there should be a short 3 wk class everywhere about creating a perfect password
Haha. Well that would make everyone use the same style of choosing, now wouldn't it? Lol.


Of course, if they're all 16 character alphanumeric+symbols passwords, I don't think that'd matter too much for now Wink
erlendhg
Nick2008 wrote:
Quote:

based on an analysis of 32 million passwords that were exposed in a recent database intrusion at RockYou Inc., a developer of several popular Facebook applications. The passwords, which belonged to users who had registered with RockYou, had been stored by the company in clear text on the compromised database. The hacker responsible for the intrusion later posted the entire list of 32 million passwords on the Internet.


Actually, I discovered that my school also stored the passwords to every user account, used on the educational systems they have online, in clear text. The way I discovered it, was that someone else had gone down to the office and asked for my password, and they actually got it without my permission. Quite frightening, I believe that passwords should always be hashed/one-way encrypted when stored in databases. Anyways, I got the school to tighten up their security policies, but I still think they store unencrypted passwords though.
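
Added example, not part of the original thread or any poster's code: a minimal Python sketch of the storage practice this post asks for, contrasted with the unsalted MD5 scheme and the rainbow tables mentioned earlier in the thread. The function names, the record format, the blocklist (the five RockYou passwords quoted in the first post) and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed blocklist: the five most common RockYou passwords quoted in the thread.
COMMON_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou"}

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your hardware and latency budget
SALT_BYTES = 16


def unsalted_md5(password: str) -> str:
    """Weak scheme: the same password always yields the same hash, so a
    precomputed (rainbow) table or a frequency count over a leaked database
    still reveals which accounts use "123456"."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.
    A fresh random salt per user makes identical passwords hash differently and
    makes precomputed tables useless; the iteration count slows every guess."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.
    Malformed records are treated as a failed login, never as an exception."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


def register(users: dict, username: str, password: str,
             min_length: int = 8, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Reject short or blocklisted passwords (case-insensitively), otherwise
    store only the salted hash record, never the password itself."""
    if len(password) < min_length or password.lower() in COMMON_PASSWORDS:
        return False
    users[username] = hash_password(password, iterations)
    return True


if __name__ == "__main__":
    # Two users who both chose "123456": identical under unsalted MD5,
    # distinct under salted PBKDF2, yet both still verify.
    print(unsalted_md5("123456") == unsalted_md5("123456"))
    first, second = hash_password("123456"), hash_password("123456")
    print(first != second, verify_password("123456", first), verify_password("123456", second))
    accounts = {}
    print(register(accounts, "alice", "Password"))                     # blocklisted
    print(register(accounts, "carol", "constructed long passphrase"))  # accepted
```

With this layout nobody at the office can read a password back to a visitor, because the database only holds the salt and the digest.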
hunnyhiteshseth
Helios wrote:
I currently remember more than a dozen random passwords... better than any safe Very Happy

There are techniques to remember practically anything for a lifetime. I find it easy to remember arrays of letters and numbers by repeating them loudly several times and by saying them in a certain way... another good technique is using "1337 speech" for construction of what will look like random characters and numbers to any hacker, for instance T/\k3g/\rb/\g30uT is a pretty strong password which says Take Garbage Out, but the only thing you have to remember is to use capital T's, /\ for A, 0 for o and 3 for e. Using that code you can construct lots of long and strong passwords, yet remember them easily enough not to have some sort of an "offline safe guarded by a master password" or something like that.


Or you can use a software like:
http://www.freedownloadscenter.com/Best/1337-to-text.html

which converts 1337 speech into text and vice versa. You would need it a few times, after which you will automatically start to SP33K 1337. Laughing
imagefree
A strong password is not an issue for many reasons (at least for me). I log in to a lot of web services daily including 1 Facebook account, 4 Twitter accounts, 4 Gmail accounts, 1 Yahoo account (that I don't use at all), and many other sites and forums. So if I try to keep passwords distinct and difficult to guess, it would even get difficult for me to guess what the password of that account was.

However if you give preference to security your easy password is really a big issue, for me i kept the password of all account that i use for my professional work, very difficult to guess and the rest of the passwords are even known to my cousins and family members.
_AVG_
The question of security arises again - for those who have rather complicated passwords ... how do you remember them? Do you store them in some text file or do you have them written down somewhere or something? Because if that is the case, if someone were to find that , it would be disastrous for you!

Another couple of points -

If you have accounts on many sites (eg: Hotmail, Facebook, Frihost, other forums, etc. etc.), do you keep the same/similar passwords for all? (See, memory comes in again ...)

Also, does security really matter on blogs / forums that you just visit for entertainment, etc. such as anime portals, gaming forums, etc. Does it only matter for sites like Amazon and Hotmail?

This is quite an interesting issue and the significance of passwords is certainly increasing day by day.
Hogwarts
_AVG_ wrote:
The question of security arises again - for those who have rather complicated passwords ... how do you remember them? Do you store them in some text file or do you have them written down somewhere or something? Because if that is the case, if someone were to find that , it would be disastrous for you!

Another couple of points -

If you have accounts on many sites (eg: Hotmail, Facebook, Frihost, other forums, etc. etc.), do you keep the same/similar passwords for all? (See, memory comes in again ...)

Also, does security really matter on blogs / forums that you just visit for entertainment, etc. such as anime portals, gaming forums, etc. Does it only matter for sites like Amazon and Hotmail?

This is quite an interesting issue and the significance of passwords is certainly increasing day by day.

To be honest, I learn my passwords through the typing of it. I turn off "Remember password"; and will type it manually several times until I've remembered it. A lot of the time, I end up remembering how to type my passwords but not what they actually are, which can be a bit of a problem at times Sad
milleja46
Heh, I should have done that. Before break, I changed my password for one of the sites I use for school, all it was was a severely messed up version of peanuts, but I forgot how I typed it......originally, man that sucks when this happens!
zacky
lol.. hahhaha.. I think all of the people who had the same password to their account are just trying to open a not so important account of theirs.. imagine that if you have a paypal account on the internet and you seriously use those passwords, wow you're such a stupid.. it doesn't make you sweat to guess what the password probably is.. lol Razz Razz Razz
Jamestf347
For me, My passwords are usually 8-12 characters, letters/numbers (sometimes special chars) , upper/lowercase. Pretty much every service I use has a different password, with the exception of a few things.

For things like hard drive/jump drive encryption, I'll usually use fairly long passwords. They COULD be guessable, assuming you knew me well enough. Usually, they're just random phrases I find. Could be from a song... Poem... Book. or maybe even a quote, or maybe even a combination of these.



@deanhills - The whole idea of someone getting into your email, consists of a few things.

1) They can read your emails , maybe to gather knowledge about you, find out certain things about you, and try to impersonate you. (Can tie in with social engineering)

2) It can give them access to other services that you might use. For example, suppose someone here on Frihost breaks into your email. Once they're into your email, what they can do is use the 'Forgot Password' feature. This feature varies for different sites.. Some use email/user combos before an email will send... some use email/secret question-answer etc.. But most forums just use email.. What it will do is, you provide it the email, server-side it checks the database and selects the user that has that email, and sends you an email with a password-reset link. (Though some sites send you the actual password), but mostly forums do not send you the password itself, because it is nearly impossible to, since the passwords are stored in the database as an md5 hash. (It's not crackable, but it's possible to 'brute force' or 'try every possible combination')

But as far as anyone accessing your pc goes. This isn't really possible unless they place an email in your inbox with a trojan or something, and then you actually run it. Alternatively, if you have some sort of remote access software running, and you sent someone an email with the password to it, it might have saved in a 'drafts' folder or something, and they might have access to it, but very unlikely.





you can stop people from getting on your computer, just be by them. as for simple passwords, I think the websites that force you to use like one caps, lower case and number are the best for these situations
meep
I usually use passwords of over 16 characters, containing a mix of caps, symbols, numbers and normal letters. But I also write them down on a paper to check when I forget them.
I know writing it on a paper isn't really safe, but it's not like a lot of people come here, and if they do they usually got no business in my room (because they're usually 38+ coming for my parents, Laughing)
So I think my passwords are pretty secure Very Happy
Insanity
Basically anything that can be found in the dictionary can be classified as a bad password.
ProfessorY91
I'm wondering how this post got necroed because I definitely remember posting in this thing once before. Jeez. Anyways, use good passwords, not a dictionary word, and nothing that programs like Ophcrack could use. Oops, did I just reveal how easy it is to hack your computer with a single program? That's right, I just did.
hamza1122
hahaha and you wonder why people complain about their accounts being hacked