Slashdot Mirror


Crappy Passwords Very Common

KeatonMill writes "CNN released this story about passwords. Apparently, a group of UK psychologists did a study about password selection, and found that many passwords can be guessed if access to the subject's desk is allowed (the article gives an example of sports memorabilia representing sports-related passwords). According to the study, 50 percent of people use names of family members or pets as passwords."

26 of 422 comments

  1. In other news... by bwulf · · Score: 5, Funny

    ... water found to be wet[1], sky found to be blue, Earth found to be round[2] and CNN found to be obvious.

    [1] at certain temperatures
    [2] well, almost

    1. Re:In other news... by Dinosaur+Neil · · Score: 2, Funny

      Back in '91 and '92, I was a junior sysprog on a mainframe system running two different OS's. The security systems (at the time) didn't talk to each other, but the users wanted to have a single password for everything. The result was an ugly kludge (that I got to maintain since I was most junior) and this allowed me to see the day's before/after password change file. 750 or so users, and there were at least 200 or so that referenced John Elway and/or the Broncos (this was in Denver), another 100 or so that went the path of least resistance (AAAAAA1, AAAAAA2, etc.), a couple dozen that used NCC1701, NCC1701A, etc. etc.

      Not only is this story obvious, it's seriously dated. Stupid/obvious passwords have probably been around as long as there have been passwords...

      --
      "I'm a scientist! I don't think, I observe!" - Dr. Clayton Forrester
  2. My desk... by Evangelion · · Score: 2, Funny


    ... is usually a fucking nightmare. Good luck trying to guess anything by it.

    [ note to self -- 3mptyC0k3C4n is not a good enough password anymore ]

  3. My password is... by jwinter1 · · Score: 3, Funny

    My password is and always has been newline, newline, newline.

    Gets me logged in quick, and no one seems to be able to guess those last two characters.

    --
    Anything you can do, I can do meta.
  4. People don't get password security by defile · · Score: 5, Funny

    I went to my bank the other day to assign a PIN to my ATM card. For this you need to sit down with a bank person at their desk. Just to be a pain in the ass, I asked her how many numbers I could enter (it's 7). She said 4. I entered 7 and it took.

    Then she went "How do you remember 7 numbers?" and I said "The same way I'd remember 4 numbers. It's not like remembering yet another set of numbers is going to be hard--I've memorized the passwords of at least 20 other services".

    To which the lady at the bank said "See, the best way is to just use the same password for EVERYTHING. This way you only need to remember one!"

    1. Re:People don't get password security by oo7tushar · · Score: 4, Funny

      The reason you want to enter 4 is because a lot of old systems only supported 4. They were trying to make you backwards compatible.
      But you raise an interesting point, passwords used to be the domain of the l33t (5, 10 years ago), but now everybody uses computers and they aren't as proficient. They can type, they can message but they don't understand computer security, for them the net is still their computer and the most secure box on the planet, why? because it's in their home.

  5. No s**t, Sherlock by seldolivaw · · Score: 4, Funny

    I realised this the moment the team leader of our software development project -- a woman who is about to graduate with a *degree* in *computer science* revealed that her password for nearly everything was her name, spelt backwards. *D'oh!*

    1. Re:No s**t, Sherlock by Gabey · · Score: 2, Funny

      Was her name anna?

  6. Re:How to pick a good password by Tony+Hoyle · · Score: 5, Funny

    My boss does this using nursery rhymes. Sometimes when he's on holiday we have to get into his machine... you end up with half a dozen geeks reciting nursery rhymes to each other until the correct permutation is reached.

  7. What about the inverse? by dsb3 · · Score: 5, Funny

    I once named a pet (it was a fish, in fact) after one of my passwords. Shame it wasn't one of the more pronounceable ones.

    --

    Slashdot? Oh, I just read it for the articles.
  8. Welcome to the Slashdot Server by Wordsmith · · Score: 4, Funny

    Welcome to the Slashdot Server

    Login: CmdrTaco
    Password: Kathleen

    "Whoohoo! I'm in!"

  9. ah so that explains it... by Anonymous Coward · · Score: 1, Funny

    i always wondered how so many people were able to post using my "Anonymous Coward" account name.

  10. Re:How to pick a good password by jcsehak · · Score: 2, Funny

    My favorite method is to take the first three characters of the title of your favorite opera and combine them with the last one. So if you're a fan of "Fidelio", then

    oh, crap... nevermind.

    --

    c-hack.com
  11. What's wrong with pet's names? by felicity · · Score: 2, Funny

    "Of course my password is the same as my pet's name.
    My cat's name was Q47pY!3, but I change it every 90 days." - Roddy Vagg

  12. Re:Has to be crappy. by Anonymous Coward · · Score: 2, Funny

    From: Your Boss
    To: You
    Subject: Re: Locked again

    >Since (development machine == desktop PC == machine used to write docs)
    >Your suggestion is not helpful, but thanks anyway.
    >I repeat, page me when the ONE MACHINE is available again.

    Then where are you sending this email from?

    Oh yeah, a reminder -- employee reviews tomorrow at 9:00. See you there.

  13. funny incident... by green1 · · Score: 2, Funny

    I remember working as a sysadmin for a company where the CEO was... a little less than brilliant... after setting up his new computer for him I set his local login password to "password" and had it force him to change it on first login so that nobody else would know the password yet it would be simple enough that even he could remember it the first time, when he came in the following conversation ensued:

    ceo: what's the password to my new computer?
    me: password
    ceo: I know that but what is it?
    me: password
    ceo: of course it is but what IS the password?
    me: the password is "password"
    ceo: would you quit that and just tell me what the password is!?!
    me: the password is "P - A - S - S - W - O - R - D"
    ceo: don't get smart with me young man! you don't want to make the person who signs your paycheques angry!!!!!
    (meanwhile in the other corner of the room the accountant and receptionist were just howling with laughter and the ceo couldn't understand why...)

    I finally led him over to the machine and made him watch the keyboard as I typed in "p - a - s - s - w - o - r - d" he suddenly changed his tune and was extremely apologetic and suitably embarrassed... I didn't have quite so many run-ins with him after that... and it provided a much needed comedic break for the rest of the office.

    side note: I've since switched from that to using other simple words as initial passwords making sure to AVOID the word "password" (and after that initial password people were forced to use minimum 6 characters, not dictionary based)

  14. Re:this is abseloutly true by Speed+Racer · · Score: 2, Funny

    you can pick your friends, you can pick your nose, you can't however, pick your friends' nose.

    That's the boring version. Here's my personal rendition:

    You can pick your nose and you can pick your friends but you can't roll your friends up into little balls and flick them.
    --
    Free Mac Mini. Yes, I'm
  15. Re:Best password ever by zzyzx · · Score: 4, Funny

    My PIN is pi... The last 4 digits.

  16. Re:So? Only allow 'trusted' devices... by Detritus · · Score: 4, Funny

    You can't exactly ask your admin to change your fingerprints.

    I can change them for you. Where did I put that cheese grater...

    --
    Mea navis aericumbens anguillis abundat
  17. Re:That leads to DoS by Anonymous Coward · · Score: 1, Funny

    Back in the good old days I actually did this on one of the main University servers. Just wrote a simple script to do a "who's online" and save the data to a file. Run that for a couple of days, remove the duplicates, and you have a pretty good list of students.

    Then all you had to do was loop through the names and use "bitch" as the password 20 or so times (can't remember the exact number). The account would be locked out, requiring the student to go to computing services to get the account reset.

    Do this for the list of students that you have, and you can bet... computing services stays busy all week.

    I wish I could tell you all that I had a good reason for doing such a thing... but the truth is I was young and stupid. Just because you CAN doesn't mean you SHOULD.

    Then again... it did force the university to change/improve the way they did things. :)

  18. Re:Best password ever by ryanvm · · Score: 3, Funny

    Because he [my friend] changes his PGP keys every week.

    Wow - every week, huh? Does your friend wear a tinfoil hat and worry about Major League Baseball spying on him with a satellite, too?

  19. Jesus. by Penis · · Score: 2, Funny

    He must be really serious about his wife/girlfriend not finding his pr0n.

    Pen-15

  20. Bad practice for sysadmins by Alizarin+Erythrosin · · Score: 2, Funny

    There was some show on TLC once, and I only caught the end of it, but the part I did catch made me laugh. (memory fuzzy, so if I get a detail wrong sorry)

    These guys were hackers turned security consultants and were consulting for a financial company. They were "wardialing" the company's phone service looking for a computer that would answer, and when they got one, they entered "root" for the username, and (get this) "password" (!!!) for the password... and got in.

    You would think anybody who has the semi-intelligence to be a Unix sysadmin for that company would know to NOT USE "password" AS YOUR ROOT PASSWORD!

    I hope somebody got fired for that... sheesh

    --
    There are only 10 kinds of people in this world... those who understand binary and those who don't
  21. Re:Passwords.. by zbuffered · · Score: 3, Funny

    does anyone have any tips for things they do, or products they use to keep track of their dozens and dozens of passwords...?

    Use Microsoft(R) Passport(tm).

    --
    Synergy is your friend
  22. Re:Best password ever by Stephen+Williams · · Score: 2, Funny

    Okay, now we're getting into people coming up with stupid names for their pets.

    If I ever get a cat, I'm calling it "4tRv/qJ:"

    -Stephen

  23. Re:Biometrics... by Anonymous Coward · · Score: 1, Funny

    Here are some handy eight-letter passwords for those who don't have a random string generator: wqIL8xye, LYYQ4eH9, HpEyQA8H, VAljYih1, DoJJu8aq, Kdigic7E, maXMef5F, AQZEZ4pi. If you need some more, just let me know.