How secure is your password??

mattyh

The top 25 passwords, based on a (hacked) sample of ~1.3m accounts:

2516 123456
2188 password
1205 12345678
696 qwerty
498 abc123
459 12345
441 monkey
413 111111
385 consumer
376 letmein
351 1234
318 dragon
307 trustno1
303 baseball
302 gizmodo
300 whatever
297 superman
276 1234567
266 sunshine
266 iloveyou
262 f***you (obviously the *'s aren't actually *'s - That's just the swear filter :))
256 starwars
255 shadow
241 princess
234 cheese
From here

EDIT: Here is the top 50: link
 
Mine are randomly selected from a generator.

Well as random as the coding for the generator allows:)
 
nice... wouldn't surprise me if users here had some of those.

mine meets MS complex password requirements.

Not that surprising though. I've seen them taped to allegedly secure laptops along with the username, written on post-its stuck to monitors, top and undersides of keyboards, on desk pen trays etc. I know a lot of our users use sequenced numbers appended to the name of their cat/dog/son/daughter/husband/wife/surname...

:cuckoo:
 
Not that surprising though. I've seen them taped to allegedly secure laptops along with the username, written on post-its stuck to monitors, top and undersides of keyboards, on desk pen trays etc. I know a lot of our users use sequenced numbers appended to the name of their cat/dog/son/daughter/husband/wife/surname...

:cuckoo:

*quickly goes to change passwords and have a tidy*

:D

Mine's 13 characters, a mixture of upper and lower case and numbers - Hopefully that's secure *enough* without getting silly.
 
Not that surprising though. I've seen them taped to allegedly secure laptops along with the username, written on post-its stuck to monitors, top and undersides of keyboards, on desk pen trays etc. I know a lot of our users use sequenced numbers appended to the name of their cat/dog/son/daughter/husband/wife/surname...

:cuckoo:

yup.. if i spot any of those they go straight into the shredding bin.. :bat:
 
I didn't mention the school department (bet you can't guess which department that was) that set their staff password to meiosis "because nobody can spell it"...
 
best change mine from password then :lol:

in all seriousness mine don't link to me at all and is quite randomly put together
 
5 numbers followed by 7 letters (upper & lower case) followed by another 6 numbers for the important stuff. For forums and not so important stuff I'm not too fussed, I don't do confidential stuff in a forum.
 
mine's my gf's name, her dob and a number of "x's". That's my password for most websites! :D Figure it out ;)
 
5 numbers followed by 7 letters (upper & lower case) followed by another 6 numbers for the important stuff. For forums and not so important stuff I'm not too fussed, I don't do confidential stuff in a forum.

yeah I thought that too, till my Tropical Fish Forum got hacked and they retrieved all our passwords, which some of us *cough* were stupid enough to use on Amazon, PayPal, Bank etc

now use different random generated one on each site
 
Roboform generates strong passwords and saves them as you login, then it fills them in for you automatically, best piece of software i've ever bought £15 for life inc software upgrades.
Just back up your 'Default Profile' folder.
 
yeah I thought that too, till my Tropical Fish Forum got hacked and they retrieved all our passwords, which some of us *cough* were stupid enough to use on Amazon, PayPal, Bank etc

now use different random generated one on each site

Passwords I use for forums and the likes are nowhere near similar to what I use for financial transactions etc.
 
I have a few different ones, but the one I use for stuff that needs to be secure, I got my IT manager at 6th form to try and crack it with L0ftcrack on their servers to see how long it would take, but he ran it 24/7 for about a week, and wasn't even up to 10% cracked, so he gave up as it was slowing the servers down too much :P I feel that's secure enough for me :D
 
How do all of you that use randomly generated passwords manage to remember them all? :gag:

I have a different one for each site, but they all have some personal meaning to me that would be complete nonsense to anyone else.

For example, this site is the letter from the beginning of each line in a particularly awful angst ridden poem I wrote when I was about 15 (believe me it's not committed to paper anywhere and I'm not likely to share it!) plus the first 3 digits of the phone number my grandmother had up until I was 4 years old.

yeah I thought that too, till my Tropical Fish Forum got hacked and they retrieved all our passwords, which some of us *cough* were stupid enough to use on Amazon, PayPal, Bank etc

I remember that incident. I'm not a member on that particular forum, but some people on the forum I do use were there too and it caused quite a stir at the time :eek:
 
How do all of you that use randomly generated passwords manage to remember them all? :gag:

I'd like to know that as well and I'm a computer geek.

I have a "forum password" and different passwords for financial stuff. None are random though as I couldn't remember them, they just meet the requirements for capitals, numbers etc. Having my forum password would allow someone to impersonate me on a few forums, but unless they were a computer geek that likes Hillman Imps they'd be spotted as a fraud pretty quickly :p.
 
I randomly chose a foreign company name, (that isn't in the dictionary), with a capital letter and a number. I use that for all my important stuff.
 
Roboform generates strong passwords and saves them as you login, then it fills them in for you automatically, best piece of software i've ever bought £15 for life inc software upgrades.
Just back up your 'Default Profile' folder.

So if someone gets your login password (or some malware has access to your PC while you're logged in), they will automatically be given every other password you have? Doesn't sound all that secure... :thinking:

Mine all follow a pattern, but would be very difficult to understand the pattern even if i told you a few of them, and the pattern results in numbers, letters and sometimes symbols and capitals - and every password is different but easy to remember. :suspect:

Hint: not quite what i do, but you could for example use a word / name associated with the same first letter as the name of the website / company that the password is for, and combine that with a more complex password but which is common to all passwords. Or you can do patterns of keys - maybe a simple encryption of your password, so your gmail password could include hnbjm (gmail with each letter substituted for the next). So many things you can do, makes it very easy to come up with an unlimited number of unique passwords without having to remember any of them.

David
 
My 5 year old Daughter seriously thinks my Password is 'noneofyourbusiness'.

She's desperately trying to learn all the letters so she can get on my laptop and iTunes whenever she wants :lol:
 
How do all of you that use randomly generated passwords manage to remember them all? :gag:

I have a different one for each site, but they all have some personal meaning to me that would be complete nonsense to anyone else.

For example, this site is the letter from the beginning of each line in a particularly awful angst ridden poem I wrote when I was about 15 (believe me it's not committed to paper anywhere and I'm not likely to share it!) plus the first 3 digits of the phone number my grandmother had up until I was 4 years old.



I remember that incident. I'm not a member on that particular forum, but some people on the forum I do use were there too and it caused quite a stir at the time :eek:

If you have trouble remembering passwords, then store them in a secure database - a good one (and free) is Keepass. ;)
 
A good way to create a memorable but secure password is to use things like words from an old address, a building name or such like and then swap out the vowels for numbers topped off with a special character at the beginning and end. I usually swap A for 4, O for 0, E for 3 and I for 1. So, if you used to live in Sherborne, your password could be _Sh3rb0rne! Works for me :)
 
A good way to create a memorable but secure password is to use things like words from an old address, a building name or such like and then swap out the vowels for numbers topped off with a special character at the beginning and end. I usually swap A for 4, O for 0, E for 3 and I for 1. So, if you used to live in Sherborne, your password could be _Sh3rb0rne! Works for me :)

It's a good idea, however most dictionary crackers know about this trick, and will use it, so it's not as secure as it seems!
 
It's a good idea, however most dictionary crackers know about this trick, and will use it, so it's not as secure as it seems!

<sigh>
 
It's a good idea, however most dictionary crackers know about this trick, and will use it, so it's not as secure as it seems!

I use a similar trick, but the collection of letters beforehand isn't a word though, so a dictionary cracker won't work.
 
I use a similar trick, but the collection of letters beforehand isn't a word though, so a dictionary cracker won't work.

That's the best way to do it :) (as it's pretty much as good as random, but it's rememberable)
 
In a former job, our MD got twitchy about passwords one day, and sent an email to everyone asking them to change their passwords. Attached to the email was his spreadsheet of what everyone's current password was.
 
In a former job, our MD got twitchy about passwords one day, and sent an email to everyone asking them to change their passwords. Attached to the email was his spreadsheet of what everyone's current password was.

The network manager at my old 6th form used to do this (almost) he ran L0ftcrack on everyone's passwords, and everyone whose was cracked under a set time was forced to change it lol
 
In a former job, our MD got twitchy about passwords one day, and sent an email to everyone asking them to change their passwords. Attached to the email was his spreadsheet of what everyone's current password was.

we enforce a 30 day password rotation with the last 10 not being able to be reused.

however unfortunately as they're not complex it leads to people using.. password1, password2, etc. i want to turn complex on but consensus is that people will just write them down..
 
we enforce a 30 day password rotation with the last 10 not being able to be reused.

however unfortunately as they're not complex it leads to people using.. password1, password2, etc. i want to turn complex on but consensus is that people will just write them down..

There are a couple of schools of thought on this, one says that it doesn't matter if a password is written down as long as it's not left laying around. I've never been convinced by that particular argument myself - unless it relates to complex passwords used for home banking and the like that aren't likely to be overlooked and even then, I prefer a password database.

The other school of thought and the one I subscribe to is that password choice is a balance of risk. Users should choose something that works for them - i.e. is a mix of sufficiently strong and easy for them to remember. My current advice to users is to either join two or more unrelated words, make some letters upper case and add some numbers and/or special characters or to use a phrase and take the initial letter of each word ('a stitch in time saves nine' becomes 'asitsn') make some upper case and combine that with numbers/special characters.
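
Added example, not part of any post in the thread: a Python check a password-change form could run so that the vowel-for-number trick and the password1/password2 rotation pattern discussed above are both rejected. WORDLIST is a constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
import re

# Entries taken from the top-25 list at the start of the thread.
COMMON = {"123456", "password", "12345678", "qwerty", "abc123", "12345",
          "monkey", "111111", "letmein", "1234", "dragon", "trustno1"}
# Constructed stand-in for a real dictionary / place-name wordlist.
WORDLIST = {"sherborne", "sunshine", "princess", "cheese", "baseball"}
# The substitutions named in the thread (A->4, O->0, E->3, I->1), reversed.
UNLEET = str.maketrans("4031", "aoei")


def stem(password):
    """Lower-case, drop symbols at either end, then drop a trailing counter."""
    core = re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", password.lower())
    return core.rstrip("0123456789")


def forms(password):
    """Every form a blocklist should compare, not just the raw string."""
    found = {password.lower(), stem(password)}
    found |= {f.translate(UNLEET) for f in found}
    found.discard("")  # an all-digit password has an empty stem
    return found


def weakness(password, previous=None):
    """Return the reason to reject a candidate, or None if no rule matches."""
    candidates = forms(password)
    if candidates & COMMON:
        return "common password"
    if candidates & WORDLIST:
        return "dictionary word"
    if previous is not None and stem(password) and stem(password) == stem(previous):
        return "counter change on previous password"
    return None
```

A result of None only means none of these three rules matched; it is not a measure of strength.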
 