Your Password Still Sucks: SplashData Unveils The 25 Worst Passwords Of 2011

19 Comments

Athlonite

My current Pword would take a hacker 5 million years to hack (with a current i7 based PC) but is also easy for me to remember.

biggiebob12345

As the GRC Haystack password test has shown...all you need to do is use a 3 word phrase as your password with a number at the end and no one will ever be able to brute force it. The people who think you have to use 30 character gibberish passwords are just retarded.

My PayPal password would take an array of computers 9370 centuries to brute force according to the test. A few trillion centuries for an online brute forcing scenario.

compro01

Hmm. My "I don't care" password is on there.

MastaGuy

See, what I do is use password generators and find the one I like the best and easiest to remember.

Usually passwords that repeat but are random enough to never be used by anyone else.

Holly Golightly

Maybe if there was an option to not have a password.... Maybe we would not see these dumb passwords to begin with? Not everybody likes passwords. Yet we are forced. So picking something easy to remember is better than forgetting a really hard password. Just imagine how personal our personal computers would be if we did not have to type a password to access our own personal content with our personal computers. Passwords feel impersonal. Like... If I was using a computer at the public library. Those days are over. I say, add an option to ditch passwords in the first place.

0ly1r3m@1ns

Passwords are there to protect your content. Also, Windows does have an option to remove your password. Now, if we didn't have passwords I could easily hijack your MPC account and just spam everything and get you banned.

Holly Golightly

...Not if the account is locked to my computer. There are always ways around it, but to have a permanent account cookie would be better than me having a silly password some hacker could simply breach either way. Passwords are not secure, as we recently saw with the Sony PlayStation security breach.

mattman059

I seriously hope there's sarcasm somewhere in there....

Holly Golightly

No, I was being absolutely serious. I hate having to type passwords on my personal electronics nobody else will ever touch.

mattman059

Yes, so if someone were to hack into "your" machine, they would have privileged access to everything you own....great idea

Holly Golightly

It is harder to hack one particular machine than it is to hack a server with many machines connected to it. Fact is, nothing is secure. We have seen passwords get hacked many times. If we link accounts to our motherboard ID numbers, then there is no way around it. 

Captain_Steve

I've actually had Steam do that to me; they'll start calling BS on me logging into my Steam account if it isn't from the computer that I do all my game buying/playing from.

Makes sense; most people tend to do 99% of their sensitive data use from the same machine, that does seem like it could be a security all on its own.

Holly Golightly

They can also work with Anti-Virus programs to better protect those access cookies. Stronger encryption so your machine does all the work for you. It works, and it should be adopted as the new "password" system. Makes life easier in my opinion.

Brian Dowding

I've done security penetration testing before, internally for a large company we've all heard of before. I still work in IT today, but no longer in security, but in mainframe administration.

Passwords will ALWAYS be more secure than anything software can accomplish as a substitute. I can NOT stress that enough. Compared to the mind, software schemes are comparatively idiotically simple toys that can be defeated with enough motivation and skill.

Biometrics may be feasible substitutes, but the devices that facilitate it are also easier to dupe than are our own personal thoughts.

The strength behind the function of a password is that you provide a variable only your MIND can know.

Weak passwords are the result of one of two things = pure laziness, or pure ignorance to WHY they are used and HOW they become effective. It is demonstrable that many fall into the former or latter by studies that show so many duplicate passwords with little consideration behind them.

I'm sorry if they seem inconvenient to you, but the flaw here is the user, not the system.

And for the record - weak passwords had nothing to do with how Sony got hacked. I can appreciate how many don't have the training to get it. Usernames and passwords were obtained when hackers got in - usernames and passwords were not HOW they got in. Just thought the distinction was worth pointing out since you misused the story as proof of passwords' ineffectiveness - it is a little ridiculous to think "MY" SOE (Sony Online Entertainment) user account at SOE games for an online game would ever grant anyone admin rights to the server the game runs on.

mattman059

Unfortunately there will always be a tradeoff between password complexity and how easy it is to remember the password. If the password is overly difficult then users will inevitably write it down (which defeats the purpose of a strong password), thus users create passwords that THEY feel are "secure" and easy to remember.

(i.e.) User: "My mom's name is Betty...so my password is betty9"

ApathyCurve

Corporate makes us change our password every few weeks, and it can't bear any relation to any previous passwords. It has to be alphanumeric, at least 10 characters of mixed letters and numbers... you know the drill. Consequently, everyone in the office has stickies all over their monitors with crossed-out passwords -- and one that isn't crossed out.

Corporate IT thinks this is working as intended.

Phantom-e

I have the same situation for the corporation that I work for, and they clamped down hard on the sticky note technique. Problem is that workers aren't as concerned about their LAN access being compromised as they should be, not to mention that if they're in a secured building that requires card access to get in, they don't think they should worry about others gaining access. Certain departments go a step further and have biometric devices such as fingerprint scanners to gain access, and others use FOBs.

lostcause64

The sad part is how many of the people using these kinds of passwords for their online world actually jump thru crazy hoops for real world security. Like spending lots of cash on home security services and car alarm systems...

kixofmyg0t

How are people this stupid? 
