Slashdot Mirror


The Most Popular Bad Passwords of 2015 (dice.com)

Nerval's Lobster writes: For years, security experts have told people they need better passwords protecting their online accounts: no more '123456' or 'qwerty' or 'password.' Based on SplashData's fifth annual list of the 25 most common passwords, however, it's clear that relatively few people are listening to that advice. The firm based its list on more than 2 million leaked passwords during the year. The most popular, as in 2014, was '123456,' followed by 'password' and the ingenious, uncrackable '12345678.' One new entry on this ignoble list: 'starwars' in 25th place, no doubt thanks in part to the popularity of 'The Force Awakens' and the accompanying marketing campaign. Seems like a lot of people have forgotten (or never learned) that, while it's a pain to create (much less remember) a complicated password with lots of numbers and special characters, it's nothing compared to the pain of having your online accounts compromised. Maybe, as some have proposed, we could someday kill passwords for most services.

3 of 165 comments

  1. Top 25 from my SSH honeypot-- by sillivalley · Score: 4, Interesting

    Here's the top 25 captured by my SSH honeypot so far this year as count [account/password]:
    2132 [root/root]
    2110 [root/admin]
    2107 [root/123456]
    2107 [root/1234]
    2104 [root/password]
    2102 [root/root123]
    2102 [root/12345]
    2101 [root/p@ssw0rd]
    2101 [root/123]
    2098 [root/1]
    2091 [root/test]
    1907 [root/wubao]
    1905 [root/!q@w]
    1905 [root/jiamima]
    1905 [root/!@]
    1900 [root/idc!@]
    1900 [root/!]
    1899 [root/!qaz@wsx]
    1899 [root/admin!@]
    203 [root/superuser]
    203 [root/public]
    203 [root/power]
    203 [root/calvin]
    203 [root/alpine]
    203 [root/admin123]

    Around 400k ssh login attempts so far in 2016, mostly from China.
    If someone could explain "wubao" and "jiamima" I would greatly appreciate it!

    1. Re:Top 25 from my SSH honeypot-- by Anonymous Coward · Score: 2, Interesting

      calvin is/was the default password for most DRACs (Dell's Remote Access Controllers).
      It's interesting to see it that high on the list.

      What is China hunting for?
      DRACs that are directly exposed to the Internet with the default password in place?
      And are the other top hits default passwords as well?

  2. What I do for my passwords by m.alessandrini · Score: 4, Interesting

    Seriously, can you give me advice if this is a safe approach? To remember the passwords for the many web accounts, and to not reuse the same password everywhere, I use a password made from a fixed difficult sequence of characters (the same for all sites), then add a couple of letters depending on the site's name. If sites, as they should, store only the digest/checksum of the password, even in case of a stolen database one should not be able to reverse it and find the original password with the "algorithm" to apply it to other sites. I'm not a crypto expert; do you think this can be reasonably safe?
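The question above asks whether a fixed secret plus a couple of site-derived letters is safe. As an added illustration (not the poster's code; MASTER and the site names are constructed), the block below compares that scheme with deriving each site password from the master secret via HMAC-SHA256: the scheme only holds up if every site hashes properly, because one site that stores or leaks plaintext exposes the whole shared part, whereas HMAC-derived passwords share nothing usable.

```python
import hashlib
import hmac

# Constructed master secret, standing in for the poster's "fixed difficult sequence".
MASTER = "Xk9#vQ2!mL"

# 64 symbols, so mapping a byte with "& 63" introduces no modulo bias.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@"


def naive_site_password(master: str, site: str) -> str:
    """The scheme from the comment: fixed secret followed by letters taken from the site name."""
    return master + site[:2]


def derived_site_password(master: str, site: str, length: int = 20) -> str:
    """Alternative: key HMAC-SHA256 with the master secret and use the site name as the message.

    Each site gets a distinct, deterministic password, and a leaked plaintext for one site
    reveals neither the master secret nor any other site's password (HMAC is one-way in the key).
    """
    tag = hmac.new(master.encode(), site.encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b & 63] for b in tag)[:length]


def shared_prefix(a: str, b: str) -> int:
    """How many leading characters two plaintext passwords have in common.

    This is what an attacker holding one site's plaintext learns about another site's
    password under the naive scheme; the defender's question is how large it is.
    """
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    leaked = naive_site_password(MASTER, "example.com")   # one site stored plaintext
    target = naive_site_password(MASTER, "other.org")
    print("naive: shared prefix", shared_prefix(leaked, target), "of", len(target))
    leaked = derived_site_password(MASTER, "example.com")
    target = derived_site_password(MASTER, "other.org")
    print("hmac : shared prefix", shared_prefix(leaked, target), "of", len(target))
```

The naive output shows the entire 10-character master recoverable from a single plaintext leak, leaving only the two site letters to guess; the HMAC-derived pair is unrelated, and the master secret never leaves the user's side.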