The 20 most popular passwords

Tyler Aviss tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Jan 26 14:51:42 UTC 2010


On Mon, Jan 25, 2010 at 10:43 AM, Gary Layng <glayng-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org> wrote:
> These define the term, "PEBCAK error".
>
> http://blogs.zdnet.com/security/?p=5325&tag=trunk;content
>
> The most popular password, according to ZDNet's sources: 123456
>
> If your name is Nicole, Daniel, Jessica, Michael and Ashley, chances are real
> good you're an idiot.  Those names are all passwords on the Top 20 list.
>
>
> --
> Stephen Fry:
>
> It is not science that is arrogant: science can be defined as ‘humility before
> the facts’ — it is those who refuse to submit to testing and make
> unsubstantiated claims that are arrogant. Arrogant and unjust.
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>


That's the same password I have on my luggage!!!

Actually in many cases where people use names for passwords, I've
found that it's not their own name so much as their children or other
relatives. Still easy to guess, but not quite as dumb as using your
own name.

Then again, given that most companies use the old "mother's maiden
name + birthday" option to reset/change passwords, how much better are
most customer service depts?

A lot of apps nowadays at least have (or should have) a quick sanity
check equivalent to:

return $username eq $password ? 0 : 1;


To catch other dumb ones without a cracklib to reference...:
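check_password() {
  # Returns 0 if the password is easily guessed, 1 otherwise
  # (same convention as the one-liner above).
  case "$password" in
    "$username"|"$firstname"|"$lastname"|"${firstname}${lastname}"|"$firstname $lastname")
      echo "This password is easily guessed and not secure, please try another"
      return 0
      ;;
    *)
      return 1
      ;;
  esac
}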
-- 
Tyler Aviss
Systems Support
LPIC/LPIC-2

“Even enemies will help each other if they are together on a boat that
is in trouble. ” – Sun Tzu
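
An added example, not part of the original message: a Python version of the sanity check above that also catches case, punctuation, trailing-digit and reversed variants, plus the few top-20 entries the thread names. The function name, parameter names and sample values are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed denylist: only the entries the thread names from the top-20
# list. A real deployment would load a much larger list.
COMMON = {"123456", "nicole", "daniel", "jessica", "michael", "ashley"}


def _norm(s):
    """Case-fold, strip accents, keep only ASCII letters and digits."""
    s = unicodedata.normalize("NFKD", s).casefold()
    return re.sub(r"[^a-z0-9]", "", s)


def weak_reason(password, username, firstname, lastname):
    """Return a reason string if the password is easily guessed, else None."""
    pw = _norm(password)
    # Drop leading/trailing digits so "jessica1984" is treated as "jessica".
    core = pw.strip("0123456789")
    if pw in COMMON or core in COMMON:
        return "common password"
    user, first, last = _norm(username), _norm(firstname), _norm(lastname)
    personal = {user, first, last, first + last, last + first}
    # Fields that normalize to nothing (empty or non-Latin) must not match.
    personal.discard("")
    # Compare the password, its digit-stripped core, and its reverse.
    for candidate in (pw, core, pw[::-1]):
        if candidate in personal:
            return "derived from account details"
    return None


if __name__ == "__main__":
    # Constructed sample account and passwords.
    for p in ("123456", "Jessica1984", "Tom Smith!", "htimst",
              "correct horse battery staple"):
        print(repr(p), "->", weak_reason(p, "tsmith", "Tom", "Smith"))
```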