Slashdot Mirror


How Common Is Your PIN? (datagenetics.com)

phantomfive writes: We've seen password frequency lists, here is an analysis of PIN frequency with a nice heatmap towards the bottom. There is a line for numbers starting with 19*, which is the year of birth, a cluster around MM/DD for people's birthdays, and a hard diagonal line for the same digit repeated four times.

114 comments

  1. hey, if you type in your pw, it will show as stars by Anonymous Coward · · Score: 5, Funny

    (Cthon98) hey, if you type in your pw, it will show as stars
    (Cthon98) ********* see!
    (AzureDiamond) hunter2
    (AzureDiamond) doesnt look like stars to me
    (Cthon98) (AzureDiamond) *******
    (Cthon98) thats what I see
    (AzureDiamond) oh, really?
    (Cthon98) Absolutely
    (AzureDiamond) you can go hunter2 my hunter2-ing hunter2
    (AzureDiamond) haha, does that look funny to you?
    (Cthon98) lol, yes. See, when YOU type hunter2, it shows to us as *******
    (AzureDiamond) thats neat, I didnt know IRC did that
    (Cthon98) yep, no matter how many times you type hunter2, it will show to us as *******
    (AzureDiamond) awesome!
    (AzureDiamond) wait, how do you know my pw?
    (Cthon98) er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
    (AzureDiamond) oh, ok.

    - http://bash.org/?244321

  2. Re:hey, if you type in your pw, it will show as st by Anonymous Coward · · Score: 0

    so funny. 10 years ago.

  3. 1234 passwords by Anonymous Coward · · Score: 3, Interesting

    Those 1234 passwords that people always talk about, those are just from temporary e-mail addresses that people create when they want something anonymous.
    I've created plenty of accounts with incredibly easy passwords, because I only used them once and didn't care if the accounts would be hacked a minute after creation.
    PIN numbers are not the same thing as passwords.
    This is not an analysis of PIN frequency, it's an analysis of 4-digit numeric-only passwords.

    1. Re:1234 passwords by unixisc · · Score: 3, Interesting

      I'm thinking particularly of the pin# for Windows 10. For some things, I pick numbers that few will think of other than me. For others, like say my work account, I picked the 4-digit number of the building of my employer's headquarters, since there's a good chance that I'd have to share that w/ colleagues.

      I don't exactly see the point of trying to create a complicated PIN, since there are just 10,000 combinations. So might as well pick something that's easily remembered.

  4. Ha... by Type44Q · · Score: 3, Funny

    My psycho/retard ex would *always* use "0852" for her PIN. Why? Sheer fucking laziness.

    1. Re: Ha... by Anonymous Coward · · Score: 0

      ditto. Same PIN, same password on everything for a quarter century.

      Yet, it never seemed to cause a problem.

    2. Re:Ha... by Anonymous Coward · · Score: 0

      I liked how they did it in the military: same PIN every time, but randomized the keypad :)

    3. Re:Ha... by Anonymous Coward · · Score: 0

      Funny how exes are frequently psycho/retards.

      BTW, what's her name and where does she live? I just want to know so I can avoid her, that's all.

    4. Re:Ha... by Anonymous Coward · · Score: 0

      "Funny how exes are frequently psycho/retards."
      If she weren't, there'd have been a lot less reason to break up.

    5. Re:Ha... by Anonymous Coward · · Score: 0

      Ever notice that the only common element in all your failed relationships is you?

    6. Re:Ha... by TheCarp · · Score: 1

      You say that now.... but.... actual conversation that happened (names have been changed to protect the terrible):

      (driving down the road with a friend I had recently started hanging out with)
      me: "I know a family lives down that street, fucking crazy as fuck. Friend of mine dated their daughter, it was terrible, the day I picked him up and we loaded his shit into my car, she was telling him she was 'pregnant' again"
      her: "Lol my Brother had a kid with a crazy girl on that street, Jodie Simpson"

      And we are not in some small town either, there are probably 50 houses on that one street, we are about as densely populated a city as you find in the US. Some people still manage to stand out.

      --
      "I opened my eyes, and everything went dark again"
  5. Re: Old news by bill_mcgonigle · · Score: 1

    You are worthy of the nerd card. Very few others are. I bet that feels really good. You're special, for sure.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Not even PIN data by OzPeter · · Score: 3, Informative

    From TFA

    Obviously, I don’t have access to a credit card PIN number database. Instead I’m going to use a proxy. I’m going to use data condensed from released/exposed/discovered password tables and security breaches.

    By combining the exposed password databases I’ve encountered, and filtering the results to just those rows that are exactly four digits long [0-9] the output is a database of all the four digit character combinations that people have used as their account passwords.

    --
    I am Slashdot. Are you Slashdot as well?
    1. Re:Not even PIN data by hankwang · · Score: 1

      I would guess that it's a reasonable proxy for PINs that people get to choose themselves, such as those for SIM cards and phone unlock codes. Where I live, you don't get to choose the PIN for your debit card.

      As for my phone: it has an encryption password, an unlock code, and a SIM PIN, in order of decreasing complexity, related to the potential for damage if someone guesses it right and to the number of tries before the system locks/wipes itself.

    2. Re:Not even PIN data by jbmartin6 · · Score: 2

      TFA also explains why the author believes the dataset is relevant for ATM PINs and similar.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    3. Re:Not even PIN data by ShanghaiBill · · Score: 2

      I would guess that it's a reasonable proxy for PINs that people get to choose themselves

      I don't think so. I often use something like "1234" for some stupid throwaway account on a website that shouldn't even have accounts in the first place. But I use something pseudo-random (meaningful to me, but random to anyone else) for anything important, like a bank card.

    4. Re:Not even PIN data by Anonymous Coward · · Score: 1

      Exactly, I wonder if there's any significant difference between the PIN and passwords people use for different types of services.

      Personally I use three types of passwords, for throwaway accounts that I gave no personal info/payment info, like newspaper sites, xda, etc, I just use "password" as the password, adding a "!" and or "0" as needed.

      For sites that I sort of want to hold on to the account but have no personal/payment info (/. for example), I use my old phone number for it.

      I only actually attempt to use secure and unique passwords for sites that I think need it, like bank account, government sites, steam, etc.

      I suspect (hope) that a majority of the "1234" and "0000" are just for throw away accounts that the owner doesn't care about.

    5. Re:Not even PIN data by tgv · · Score: 1

      > TFA also explains why the author believes the dataset is relevant for ATM PINs and similar.

      Believing is most certainly not good enough. It's just an excuse to make his finding look more interesting than it is, which is: hacked password lists contain many simple passwords, nobody really knows what for.

    6. Re:Not even PIN data by Anonymous Coward · · Score: 0

      I would guess that it's a reasonable proxy for PINs that people get to choose themselves, such as those for SIM cards and phone unlock codes. Where I live, you don't get to choose the PIN for your debit card.

      Where I live, we get two envelopes (hopefully on different days!). One contains your replacement card, and the other has the factory-set PIN. You can take your card to a bank branch and change your PIN to something else.

  7. At least my pin 8068 is safe by mdsolar · · Score: 4, Funny

    Oh, wait...

    1. Re:At least my pin 8068 is safe by Anonymous Coward · · Score: 0

      Eh, I win the popularity contest. 1234 ftw!

    2. Re:At least my pin 8068 is safe by Anonymous Coward · · Score: 0

      I live in France -- PINs are assigned automatically, and cannot be changed by the user.

    3. Re:At least my pin 8068 is safe by Anonymous Coward · · Score: 0

      "I set my ATM card's number to "0001" because I'm number one!"

    4. Re:At least my pin 8068 is safe by OzPeter · · Score: 1

      "I set my ATM card's number to "0001" because I'm number one!"

      Let me introduce you to this thing called 0-base numbering. Because with *my* PIN of "0000", I'm #1 and you are a poor excuse for a #2

      --
      I am Slashdot. Are you Slashdot as well?
    5. Re:At least my pin 8068 is safe by penix1 · · Score: 2

      Which is monumentally STUPID! That leads to people writing it down just so they can remember it. I can see my idiot brother even writing it on the card so he doesn't have to remember it!

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    6. Re:At least my pin 8068 is safe by plover · · Score: 5, Interesting

      Which is monumentally STUPID! That leads to people writing it down just so they can remember it. I can see my idiot brother even writing it on the card so he doesn't have to remember it!

      People get all panicked about "writing down their passwords." I have never seen a case where a hacker was able to reach through the internet and shoulder surf that piece of paper. Offline analog storage has a much better security profile than the average bureaucrat's Excel spreadsheet full of passwords.

      Sure, local attacks on the paper are possible, but extremely rare when compared to online attacks. Paper records have a much lower risk profile.

      --
      John
    7. Re: At least my pin 8068 is safe by Anonymous Coward · · Score: 0

      Rare huh? If I wanted to hack damn near any company or government entity. I wouldn't do it over the internet. I'd get a job as a janitor to start with and easily find someone's credentials under a keyboard. Even with clean desk policies and policies against writing down passwords. You will find oh roughly 6 out of 10 people do it in any office environment. Just snoop some of your coworkers' areas and you'll find a password in under 10 minutes. 100% guaranteed.

    8. Re:At least my pin 8068 is safe by alexhs · · Score: 1, Interesting

      I've never seen anyone needing a cheat-sheet to enter their PIN around here. So, it appears that the French population at large is able to remember a 4-digit number.
      I'm sorry to hear that the average American is unable to do that.

      By the way, the way it's done, they give you your credit card at the counter or in the mail, and send you your PIN in a separate mail, your banker never knows the PIN either. The mail with the PIN contains safety instructions: memorize it, keep it confidential, never store it along with the card, and, apparently, people are able to follow these instructions. The PIN is permanent, so when the card expires, by default the next card will have the same PIN. It's only if your card has been stolen or otherwise compromised that they will issue you a new PIN.

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    9. Re:At least my pin 8068 is safe by Dunbal · · Score: 1

      No that just means you're a zero. Kind of like being stillborn. Yeah you were born first, but...

      --
      Seven puppies were harmed during the making of this post.
    10. Re: At least my pin 8068 is safe by cloudmaster · · Score: 4, Funny

      I have a Post-It stuck to the bottom of my keyboard with the word "pa$$word1" written on it, and have for years. I like to imagine that one day someone will try logging in to my account with that, thinking to themselves "wow, the sysadmin has a terrible password" just before it doesn't work.

      It's the little things that get you through the day...

    11. Re: At least my pin 8068 is safe by KGIII · · Score: 4, Insightful

      You should find a way to use it as the duress password so that, if used, it sets off a loud klaxon alarm complete with the brilliant strobing lights. It would be awesome.

      --
      "So long and thanks for all the fish."
    12. Re: At least my pin 8068 is safe by fbobraga · · Score: 1

      greatest idea ever!

    13. Re:At least my pin 8068 is safe by fbobraga · · Score: 1

      I've never seen anyone needing a cheat-sheet to enter their PIN around here. So, it appears that the French population at large is able to remember a 4-digit number. I'm sorry to hear that the average American is unable to do that.

      Providing PINs (which are 4-digit numbers) looks like a very welcome idea to me! * it's something like what already occurs here in Brazil, with SIM PINs and bank ATM machines ^^

    14. Re:At least my pin 8068 is safe by Cro+Magnon · · Score: 1

      The main thing, IMO, is that the PIN is permanent. My ATM PIN was bank-selected, and though I can change it, I've never had any reason to do so. The numbers aren't connected to me, but I remember them just because I've always had them.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    15. Re: At least my pin 8068 is safe by Quirkz · · Score: 1

      Okay, that made me laugh. That's a pretty good one.

      I once found a password stickied to the monitor of a dean of a major state university. The thing is, the password was the dean's initials and year of birth, so I'm not really sure why he needed it to be stickied there. Possibly it was for the rest of the staff to get in and do things for him when necessary, but it still made me roll my eyes.

    16. Re:At least my pin 8068 is safe by Anonymous Coward · · Score: 0

      How did you jump from PINs to passwords? PINs are often associated with credit/debit cards, and someone who writes that down then may well also keep it with their card in their wallet/purse, which if pick-pocketed can then be easily used.

  8. Super old blog by MrLogic17 · · Score: 4, Informative

    I thought this blog posting on PIN numbers looked familiar - then I looked at the publish date. September 3rd, 2012.

    Um, guys?

    1. Re:Super old blog by Anonymous Coward · · Score: 0

      /. is yesterday's news tomorrow.

    2. Re:Super old blog by Anonymous Coward · · Score: 0

      What is old is new again.

    3. Re:Super old blog by Anonymous Coward · · Score: 0, Redundant

      > PIN number

      So I was on my way to the ATM machine and I realized I had forgotten my PIN number. I panicked, but then I realized that it's not worth worrying about. Life is too short. We could get hit by an ICBM missile tomorrow or find out that I've tested positive for the HIV virus. So instead I got some KFC chicken, listened to some NPR radio on the way home, then read some DC comics.

      But then I got an alert on my LCD display: "Are you putting enough in your IRA account?"

      What was I doing? I'm no genius (I didn't score highly on the SAT test - probably because I spent too much time on BBS systems and IRC chat instead of studying), but I knew it was time to go over the finances. Should I refinance the house to get an ARM mortgage? But on the other hand, I didn't want to become one of those crazy people who keeps everything down to the receipts and writes down all the UPC codes and ties everything to the CPI index. Not like I have the attention span to do that anyway, given how bad my ADD disorder can be.

      Unfortunately, at that time my computer went out. :-( I don't know what's wrong with it. Other devices on the same LAN network can't see it. It won't even get past the POST test. I don't know if it's a problem with my VGA array or not having enough RAM memory, or maybe my CPU unit is bad.

      So with my computer not working, I found the DVD disc of Arrested Development season 1 and watched that instead. I think GOB Bluth is my favorite character.

    4. Re:Super old blog by Mashiki · · Score: 1

      This is /. so that's new and exciting information. Just be happy it was only almost 4 years ago.

      --
      Om, nomnomnom...
    5. Re:Super old blog by Anonymous Coward · · Score: 0

      > PIN number

      So I was on my way to the ATM machine and I realized I had forgotten my PIN number. I panicked, but then I realized that it's not worth worrying about. Life is too short. We could get hit by an ICBM missile tomorrow or find out that I've tested positive for the HIV virus. So instead I got some KFC chicken, listened to some NPR radio on the way home, then read some DC comics.

      But then I got an alert on my LCD display: "Are you putting enough in your IRA account?"

      What was I doing? I'm no genius (I didn't score highly on the SAT test - probably because I spent too much time on BBS systems and IRC chat instead of studying), but I knew it was time to go over the finances. Should I refinance the house to get an ARM mortgage? But on the other hand, I didn't want to become one of those crazy people who keeps everything down to the receipts and writes down all the UPC codes and ties everything to the CPI index. Not like I have the attention span to do that anyway, given how bad my ADD disorder can be.

      Unfortunately, at that time my computer went out. :-( I don't know what's wrong with it. Other devices on the same LAN network can't see it. It won't even get past the POST test. I don't know if it's a problem with my VGA array or not having enough RAM memory, or maybe my CPU unit is bad.

      So with my computer not working, I found the DVD disc of Arrested Development season 1 and watched that instead. I think GOB Bluth is my favorite character.

      Good one, Centurion!

  9. Not for me to choose by Anonymous Coward · · Score: 0

    For debit cards the PINs are issued by the bank, you use what you're given and that's all. Similar thing in a few other occurrences where snail mail or a machine gives you a PIN. It's a very short password so that it can be remembered, so it might as well be random. Been that way for about 25 years. Remember that scene from Terminator 2 with the ATM? ("Easy money!"). That's chip + PIN it seems! That's when the chip + PIN technology dates from.

    On cell phones? I settled on a low tech solution, get rid of the damn PIN. On dumb phones it seems that PIN is used at start up anyway, not at unlock, thus you could use it as long as it stays powered, until I order a replacement SIM.
    I do have a smartphone now, but it has no SIM card in it and I leave it at home mostly (and it needs not be logged in in anything). It's a Firefox OS bought shortly before the death announcement. No PIN and no log in to download apps (which I mostly don't need anyway). Steal it and what you'll get is a small web browsing history, "bookmarked" FM stations and not much else.

  10. This is why I use... by Anonymous Coward · · Score: 4, Funny

    the last four digits of Pi for my PIN.

    1. Re: This is why I use... by Anonymous Coward · · Score: 1

      Plot twist...they are 12 3 4.

    2. Re: This is why I use... by Anonymous Coward · · Score: 0

      But what base?

    3. Re:This is why I use... by reboot246 · · Score: 1

      I use God's birthday - 0000.

    4. Re: This is why I use... by Anonymous Coward · · Score: 0

      My pen is black usually but when I really wanna go dark I use the invisible kind.

    5. Re: This is why I use... by Anonymous Coward · · Score: 0

      There is no year zero in the Gregorian calendar.
      Also, don't you mean Jesus?
      If God really created earth, he must be over 4.5 billion years old.

    6. Re: This is why I use... by Kojow777 · · Score: 1

      Also, don't you mean Jesus?

      Technically, Jesus and God are one and the same. John 1 and Colossians 1 both talk about Jesus as the Creator of all things. He just didn't have the name Jesus until approximately 1AD when He came to dwell among us in the flesh.

    7. Re: This is why I use... by KGIII · · Score: 1

      I think that's the trinity folk and not all Christians subscribe to that, as far as I know. There's God the Father, God the Sun, and God the Holy Ghost. They are one and the same divinity, the holy trinity, but different manifestations of that self.

      At least that's how I understand it. I am not actually a Christian but I know some. I even spent some time studying with the Jehovah's Witnesses and, at one point, spent a goodly amount of time with a young lady who was a Mormon. For the record, no we did not have sex but we did sort of have a relationship - it's complicated. She's dead now. Ah well... She was good people.

      --
      "So long and thanks for all the fish."
    8. Re: This is why I use... by cerberusss · · Score: 2

      There's God the Father, God the Sun, and God the Holy Ghost

      So, it's basically, God, Ra, and God again? :-P

      --
      8 of 13 people found this answer helpful. Did you?
    9. Re: This is why I use... by stealth_finger · · Score: 1

      There's God the Father, God the Sun, and God the Holy Ghost

      So, it's basically, God, Ra, and God again? :-P

      I dunno if he made a typo but Jesus is actually the Sun and may as well be Ra.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    10. Re: This is why I use... by Anonymous Coward · · Score: 0

      The "trinity folk" as you call them make up about 98% of all Christians. In the aforementioned verses the Bible clearly shows that Jesus is God. Many who do not agree with the Bible's teachings on Jesus may call themselves Christians but most Christians would see them as part of a cultish sect rather than Christians.

    11. Re: This is why I use... by danbob999 · · Score: 1

      That's right, no year 0. Jesus was born on year 1 BC. That's right, year one before himself. As he was born on December 25th and the year 1 started on January 1st.

    12. Re: This is why I use... by Anonymous Coward · · Score: 0

      Also, don't you mean Jesus?

      Technically, Jesus and God are one and the same. John 1 and Colossians 1 both talk about Jesus as the Creator of all things. He just didn't have the name Jesus until approximately 1AD when He came to dwell among us in the flesh.

      Jesus is Jehovah the Creator. However, during his earthly ministry, he did talk about his Father. In Genesis, Jehovah said "Let us go down" to form man "in our image and likeness". After Adam and Eve partook of the forbidden fruits, they "became as the gods, knowing good and evil."

    13. Re: This is why I use... by Some_Llama · · Score: 1

      maybe 98% of "christians" don't know the bible from a hole in the ground. at least that is how it seems from the fruit that they bear. the majority of what people call "christians" (catholics) also worship graven images and the mother of jesus and believe that you need to confess your sins to a priest when jesus did away with the whole jewish mediator thing in the first place.

      the whole point of the bible is that you can go and read it for yourself and find god for yourself.. you don't need anyone else, who is most likely blind anyway, to lead you.

    14. Re: This is why I use... by Anonymous Coward · · Score: 0

      Fortunately there are far more interesting works of fiction available these days, so I don't need to read a book that is only talked about because millions of people mistake it for being true.

  11. Quick, someone make a website by Solandri · · Score: 1

    All you have to do is enter your PIN and it'll tell you how common it is.

    1. Re:Quick, someone make a website by MacTO · · Score: 1

      Thankfully most people's account number is more random than their PIN.

  12. Somebody send this to the FBI,... by Anonymous Coward · · Score: 0

    they need some good pin codes for some project or other that they were working on.

    1. Re: Somebody send this to the FBI,... by Anonymous Coward · · Score: 1

      Imagine if they finally got Apple's help, and the PIN was 123456.

  13. Always nice to see this again... by aaarrrgggh · · Score: 1

    I guess it has been over six months since it was last posted on /. but a dupe none the less...

  14. Re:hey, if you type in your pw, it will show as st by epyT-R · · Score: 3, Insightful

    Still funny today.

  15. So why does the FBI want Apple to crack the iPhone by charles05663 · · Score: 1

    From the article it seems that they have a pretty good chance of guessing the password in just a few attempts.

    We all know the real reason...

  16. Weird by Anonymous Coward · · Score: 1

    Am I the only one who uses a random number generator to pick their pin numbers?
    The banks I've dealt with also don't allow numbers like 1111 or 1234.

    1. Re:Weird by plover · · Score: 3, Interesting

      Back in the eighties, I was opening a bank account and the guy told me to pick a PIN. I pulled out my trusty Casio programmer's calculator, hit the random button 4 times, and wrote down the last digit of each.

      So, no. You're not alone.

      --
      John
    2. Re:Weird by nbauman · · Score: 1

      Back in the eighties, I was opening a bank account and the guy told me to pick a PIN. I pulled out my trusty Casio programmer's calculator, hit the random button 4 times, and wrote down the last digit of each.

      I did something like that to get a random PIN, and the bank system rejected it because I had repeated the same digit twice in a row.

    3. Re:Weird by Tony+Isaac · · Score: 1

      Sadly, you probably ARE the only one.

    4. Re:Weird by Anonymous Coward · · Score: 0

      The bank I deal with won't allow those either - not because they are obvious, but because they don't have enough digits in them. I thought all banks were switching to 6 digit PINs since about 10 years ago, but apparently not, going by this story.

    5. Re:Weird by fbobraga · · Score: 1

      I did something like that to get a random PIN, and the bank system rejected it because I had repeated the same digit twice in a row.

      stupid password rules... There's tons of it everywhere!

    6. Re:Weird by Anonymous Coward · · Score: 0
    7. Re:Weird by Anonymous Coward · · Score: 0

      all they are doing is reducing their possible set of pins down from an already pathetic 10,000.

  17. False by Anonymous Coward · · Score: 0

    The diagonal line is not the same number being repeated 4 times, it's the same two-digit number repeated two times.

  18. Clarification by wonkey_monkey · · Score: 1

    and a hard diagonal line for the same digit repeated four times.

    No - or at least not entirely. The hard diagonal line represents the same pair of digits repeated - 1010, 2424, 8585.

    There are brighter spots on that diagonal line for each of the "same digit" combinations.

    --
    systemd is Roko's Basilisk.
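
Added example, not part of the original thread or the linked article: a PIN enrollment check that labels a 4-digit PIN with the structural classes discussed above (19xx years, MM/DD dates, the repeated-pair diagonal, same-digit PINs) and with the bank rules described in the "Weird" sub-thread, then counts how much of the 10,000-PIN space each rule removes. The label names and the definition of "sequence" (a run stepping by exactly +1 or -1, no wrap-around) are assumptions made for this illustration.

```python
"""PIN pattern census for enrollment policy review (added illustration)."""
from collections import Counter
from itertools import product

# Days per month, with 29 February allowed, for the MM/DD birthday cluster.
DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}

ALL_PINS = ["".join(p) for p in product("0123456789", repeat=4)]


def classify(pin: str) -> set:
    """Return the set of structural labels that apply to a 4-digit PIN."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly four ASCII digits")
    digits = [int(c) for c in pin]
    pairs = list(zip(digits, digits[1:]))
    labels = set()

    if len(set(pin)) == 1:                 # 0000, 1111, ...
        labels.add("same_digit")
    if pin[:2] == pin[2:]:                 # 1010, 2424, 8585: the diagonal
        labels.add("repeated_pair")
    if pin.startswith("19"):               # year-of-birth line
        labels.add("year_19xx")
    month, day = int(pin[:2]), int(pin[2:])
    if 1 <= day <= DAYS_IN_MONTH.get(month, 0):
        labels.add("mmdd")                 # calendar date written MMDD
    if any(a == b for a, b in pairs):      # rule reported by one commenter:
        labels.add("adjacent_repeat")      # same digit twice in a row
    if {b - a for a, b in pairs} in ({1}, {-1}):
        labels.add("sequence")             # 1234, 9876 (assumed definition)
    return labels


def census() -> dict:
    """Count how many of the 10,000 PINs carry each label."""
    counts = Counter()
    for pin in ALL_PINS:
        counts.update(classify(pin))
    return dict(counts)


def surviving(blocked: set) -> int:
    """Number of PINs still allowed when every label in `blocked` is rejected."""
    return sum(1 for pin in ALL_PINS if not (classify(pin) & blocked))


def check_enrollment(pin: str, blocked: set) -> tuple:
    """Return (accepted, reasons) for a PIN under a blocklist of labels."""
    reasons = sorted(classify(pin) & blocked)
    return (not reasons, reasons)


if __name__ == "__main__":
    for label, n in sorted(census().items(), key=lambda kv: -kv[1]):
        print(f"{label:16s} {n:5d} PINs")
    # Blocking every adjacent repeat costs far more keyspace than blocking
    # only the two classes one commenter says banks reject (1111, 1234).
    print("allowed, no adjacent repeats :", surviving({"adjacent_repeat"}))
    print("allowed, no 1111/1234 style  :", surviving({"same_digit", "sequence"}))
    print(check_enrollment("2424", {"repeated_pair", "same_digit"}))
```

The census shows the trade-off raised in the "Weird" sub-thread: a blanket "no digit twice in a row" rule rejects more than a quarter of all PINs, while rejecting only same-digit and sequential PINs removes a few dozen.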
  19. Re:So why does the FBI want Apple to crack the iPh by MacTO · · Score: 1

    If I recall correctly, the FBI wants Apple to disable the feature that disables or formats the device after too many incorrect attempts. Just because it is possible to crack 1 in 5 accounts after a handful of attempts doesn't mean that you will be able to crack a particular account in a handful of attempts (particularly if that person is paranoid).

  20. The price of a cheese.... by Santas+L+Helper · · Score: 2

    The price of a cheese pizza and large soda and panucci's pizza. $10.77.

    1. Re:The price of a cheese.... by Quirkz · · Score: 1

      That's handy, until your password changes with inflation.

    2. Re:The price of a cheese.... by Santas+L+Helper · · Score: 1

      I'm guessing you missed the Futurama reference?

    3. Re:The price of a cheese.... by Quirkz · · Score: 1

      I've more or less missed Futurama, let alone any references. I never got past "It's not the Simpsons." (Speaking of, nice handle, by the way.)

  21. Interesting by jbmartin6 · · Score: 4, Interesting

    Just a quick overview, but it appears the selection of PINs obeys Benford's Law

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    1. Re:Interesting by Anonymous Coward · · Score: 0

      Yeah... maybe. But these PINs can contain a zero.

  22. #10... by Anonymous Coward · · Score: 0

    We all know what you like! Personally, I just use the first 4 digits of my home address. Easy to remember.

    1. Re:#10... by Anonymous Coward · · Score: 0

      #10 is 6969

    2. Re:#10... by KGIII · · Score: 1

      Chantilly lace and a pretty face?

      Err... Yes, yes I am old. Whatever gave you that idea? I know what you like... Fortunately, Ms. KGIII is still awake and my (bad) singing and attempts to sit-wiggle/sit-dance aren't awakening her.

      --
      "So long and thanks for all the fish."
  23. Is the least-password list outdated yet? by davidwr · · Score: 1

    I'm just wondering whether those "bottom 100" are still at the bottom.

    On another topic, how many people use their /. ID number as their PIN? Go ahead, raise your hands, don't be shy.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  24. No respect for Tommy Tutone by antifoidulus · · Score: 2

    I can't believe "5309" isn't in the top 10, don't people love Jenny anymore?

    1. Re:No respect for Tommy Tutone by Anonymous Coward · · Score: 2, Informative

      "The fourth most popular seven digit password is 8675309"

  25. Bank security compromised? by fremsley471 · · Score: 1

    El Reg a few years back had a story that in the nineties, one of the big four banks in the UK had its security team compromised. New cards had a PIN set from only one of three choices. That meant that anyone intercepting a card who knew the three could go haywire with the account. The customer wouldn't know and the bank couldn't explain it.

    Could have been cock and bull, but it's a possible small source of non-randomness.

  26. Beautiful graphics by Anonymous Coward · · Score: 0

    Does anybody know what program was used to plot such beautiful graphics?

  27. 42069? What is it? by rduke15 · · Score: 1

    FTA: "For five digit passwords, [...] All the usual suspects occur, but a new addition is the puerile addition in position #20 of the concatenation of 420 and 69."

    Am I completely stupid, or is there some cultural reference here, which I don't get? Why "42069"? Why is it puerile?

    1. Re:42069? What is it? by Frosty+Piss · · Score: 3, Insightful

      420 = weed.
      69 is, well, 69.

      You may continue to speculate...

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:42069? What is it? by rduke15 · · Score: 1

      Thanks. Yes, 69 was obvious, but not 420.

    3. Re:42069? What is it? by fbobraga · · Score: 1

      depends on the context (420 was more obvious than 69, to me...)

  28. Re:hey, if you type in your pw, it will show as st by Anonymous Coward · · Score: 0

    grumpy much? :P

  29. It would have been nice by Anonymous Coward · · Score: 0

    It would have been nice to see the list so we can see where our pins rank. I really don't think a list like this falling into hackers hands would have much effect anyhow.

    1. Re:It would have been nice by Anonymous Coward · · Score: 0

      they already post the heat map, an intelligent hacker could use that to derive the common ones.

  30. Safe! by rebelwarlock · · Score: 3, Funny

    Ha! 1337 didn't even make the list!

  31. Looks like it's 1234 by spiritplumber · · Score: 4, Funny

    incredible! it's the same PIN as my luggage!

    --
    Liberty - Security - Laziness - Pick any two.
  32. Re:hey, if you type in your pw, it will show as st by KGIII · · Score: 1

    I still have a hard time not laughing when I read the one about the robe and wizard hat in its entirety. I dunno? Maybe I really am a five year old.

    --
    "So long and thanks for all the fish."
  33. factor in the importance of data being protected by dwater · · Score: 2

    I would be interested in seeing the results of an investigation into a similar study that also factors in the importance of what is *behind* the password.

    I don't think I'm the only one who puts more effort into choosing a 'good' password for things that are of value. I choose really quite poor passwords for things I really don't care about - eg have no sensitive information behind the login. For things like cash point cards, and other things in front of my actual money, I attempt to use much better passwords.

    I think there are many things of little or no value, while just a few of high value. I guess this might skew the numbers somewhat. It's probably quite difficult to factor in this aspect, but it makes me question the conclusions.

    --
    Max.
  34. In Austria by rosencreuz · · Score: 1

    That doesn't matter because you cannot change your PIN.

  35. Re:Old news by Anonymous Coward · · Score: 0

    What I find most interesting is that I posted a link to this on Reddit a couple of days ago while discussing passwords in relation to Eve Online. When I did it, I remembered having seen it on Slashdot, found it here, but only posted the datagenetics link because the heat map was what was relevant.

    Really makes me wonder, there is a lot of crossover in these communities.... Did an old Slashdot story end up back on Slashdot by way of Reddit and Eve Online? I mean, it was just days ago:
    https://www.reddit.com/r/Eve/c...

  36. Re:hey, if you type in your pw, it will show as st by U2xhc2hkb3QgU3Vja3M · · Score: 1

    Care to share with the rest of us? Got a link?

  37. Re:hey, if you type in your pw, it will show as st by Muros · · Score: 1

    It's all over the place on the web, this one has a few of his chat logs

  38. Department of Redundancy Department by Anonymous Coward · · Score: 0

    PIN Number: Personal Identification Number Number.

    The author of the article is an idiot.

    1. Re:Department of Redundancy Department by Anonymous Coward · · Score: 0

      Yep. Stopped reading right there.

  39. Re:hey, if you type in your pw, it will show as st by Quirkz · · Score: 1

    I put a video game character named Hunter2 into one of my novels because of that piece.

  40. Re:hey, if you type in your pw, it will show as st by KGIII · · Score: 1

    Muros' link is perfect. Note, it's important to read all of it. As the robe and wizard hat make multiple appearances. Two, to be exact. However, the whole thing is fantastic. I'm gonna read it again.

    --
    "So long and thanks for all the fish."
  41. Re:hey, if you type in your pw, it will show as st by KGIII · · Score: 1

    That's perfection. I think that's the whole collection. I'm gonna read 'em again. I can't help it. I'm a five year old.

    *holds up his hand with his fingers spread* I'm this many years old!

    I must be 'cause that's funny as hell.

    --
    "So long and thanks for all the fish."
  42. Security by phorm · · Score: 1

    The funny thing is that my desk phone at work requires a more secure password for f***ing voicemail than my bank account does. The work one needs to be changed every few months, and you can't re-use your previous passwords. My bank would be happy to accept 1-1-1-1 for perpetuity.

  43. use 'Diceware' by Anonymous Coward · · Score: 0

    See http://world.std.com/~reinhold/diceware.html and https://en.wikipedia.org/wiki/Diceware.

    Works for me, and is free (since I still have all my D&D dice) - it takes a little work on the user's part, but isn't your security worth it?