Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why 'ji32k7au4a83' is a Remarkably Common Password (gizmodo.com)

Posted by msmash on from the closer-look dept.

A seemingly complex set of characters like "ji32k7au4a83" is a very common password among users, it turns out. From a report: This interesting bit of trivia comes from self-described hardware/software engineer Robert Ou, who recently asked his Twitter followers if they could explain why this seemingly random string of numbers has been seen by Have I Been Pwned (HIBP) over a hundred times.

Have I Been Pwned is an aggregator that was started by security expert Troy Hunt to help people find out if their email or personal data has shown up in any prominent data breaches. One service it offers is a password search that allows you to check if your password has shown up in any data breaches that are on the radar of the security community. In this case, "ji32k7au4a83" has been seen by HIBP in 141 breaches. Several of Ou's followers quickly figured out the solution to his riddle. The password is coming from the Zhuyin Fuhao system for transliterating Mandarin. The reason it's showing up fairly often in a data breach repository is because "ji32k7au4a83" translates to English as "my password."

49 of 101 comments (clear)

  1. Damn! by Patent+Lover · · Score: 4, Funny

    I have the same combination on my luggage!

  2. They should have used by mandark1967 · · Score: 4, Funny

    "your password" instead of "my password". GENIUS!

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
    1. Re:They should have used by mandark1967 · · Score: 1

      Shit! Now I gotta change my password!

      --
      Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
    2. Re:They should have used by DontBeAMoran · · Score: 3, Funny

      Exactly. You need to change your password.

      --
      #DeleteFacebook
    3. Re:They should have used by Anonymous Coward · · Score: 1

      The cool thing is that Slashdot auto-masks passwords in comments, replacing them with asterisks... here's my password, but I bet you'll only see the masked version:

      **********

      See? Try it for yourself!

      (...with apologies to Bash.org/?244321)

    4. Re:They should have used by dumuzi · · Score: 1

      ...but if i change my password to your password then you will be able to get into my accounts and they will be your accounts....I think your trying to trick me....I will keep my password as my password and foil your dastardly plans. Mwuahahahaha....

    5. Re:They should have used by dumuzi · · Score: 1

      my password

    6. Re:They should have used by dumuzi · · Score: 2

      shit, that didn't work. hey I think you lied... damn AC

  3. Re: MAGA by Anonymous Coward · · Score: 1

    Is it not great at the moment?

    That slogan is so funny, as outside of the USA, great is also commonly use to mean 'annoy' and 'loud noise' and 'rub in damaging way'.... Every time the MAGA slogan is used the whole world laughs and I don't think they know..

  4. Re:Translates to english? by RickyShade · · Score: 4, Funny

    The reason it's showing up fairly often in a data breach repository is because "ji32k7au4a83" translates to English as "my password."

    How exactly does "ji32k7au4a83" translates to english? Is it base64-encoded or something?

    Try reading an article for once in your life you miserable piece of shit.

  5. Fun "fact" by DontBeAMoran · · Score: 5, Interesting

    https://haveibeenpwned.com/Pas...
    12345: This password has been seen 2333232 times before.
    123456: This password has been seen 23174662 times before.

    That's right: there's nearly ten times as many people using 123456 than 12345, so the password used in Spaceballs is actually the more secure one of the two!

    --
    #DeleteFacebook
    1. Re:Fun "fact" by Oswald+McWeany · · Score: 1

      https://haveibeenpwned.com/Pas...
      12345: This password has been seen 2333232 times before.
      123456: This password has been seen 23174662 times before.

      That's right: there's nearly ten times as many people using 123456 than 12345, so the password used in Spaceballs is actually the more secure one of the two!

      I wonder if that's because a lot of websites require at least 6 characters.

      A lot now require 8 so 12345678 is probably pretty common too.

      --
      "That's the way to do it" - Punch
    2. Re: Fun "fact" by Anonymous Coward · · Score: 3, Funny

      Holy shit, how autistic are you, on a scale of 1 to 123456?

    3. Re:Fun "fact" by thegarbz · · Score: 1

      so the password used in Spaceballs is actually the more secure one of the two!

      Only when presented with a dictionary attack, and only if that dictionary doesn't work alphabetically

    4. Re:Fun "fact" by Krishnoid · · Score: 1

      I've got the perfect password choice though -- 'yiersansiwu'.

    5. Re:Fun "fact" by es330td · · Score: 1

      This isn't surprising. Many systems have a minimum password length of six characters so a user attempting "12345" would naturally use "123456" to meet the requirement. As "12345" was not an option it would naturally be seen less as a password.

    6. Re:Fun "fact" by DontBeAMoran · · Score: 1

      Bingo: This password has been seen 702 times before

      --
      #DeleteFacebook
    7. Re:Fun "fact" by DontBeAMoran · · Score: 1

      yiersansiwu: This password has been seen 24 times before

      --
      #DeleteFacebook
  6. Reference by DontBeAMoran · · Score: 1

    http://bash.org/?244321

    --
    #DeleteFacebook
  7. Hilarious results by DontBeAMoran · · Score: 1

    https://haveibeenpwned.com/Pas...
    Frosty Piss: Good news — no pwnage found!
    FrostyPiss: Good news — no pwnage found!
    Frosty_Piss: Good news — no pwnage found!

    Keep on frosty pissing, friend. But you might want to consider some vacation time in a warmer country.

    --
    #DeleteFacebook
  8. Re:Translates to english? by DontBeAMoran · · Score: 4, Funny

    I may be a piece of shit, but I never watched Les misérables, you insensitive clod.

    --
    #DeleteFacebook
  9. Re:Translates to english? by angel'o'sphere · · Score: 5, Informative

    The original mandarin translates to english as "my password".
    The original mandarin character sequence is coded in the database as "ji32k7au4a83", it is a pidgin transcoding schema. It is related to https://en.wikipedia.org/wiki/... but I forgot the name of that transliteration above.

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  10. Re:Is this a joke? by Riceballsan · · Score: 1

    Well the site itself doesn't check usernames, so the passwords on their own aren't practical even if the page were to be malicious or hijacked by a malicious source. I do agree on the whole it's a bit useless as it only covers the known hacks and breaches. I go by the rule of thumb to always use unique passwords, and if in doubt change them.

  11. I'm confused by ArhcAngel · · Score: 5, Funny

    I changed all my passwords to correcthorsebatterystaple
    Now you're telling me I should change it to this?

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    1. Re:I'm confused by pinkfalcon · · Score: 2

      No - you need to change them all to "fourwordsalluppercase"

      --
      Real SUV's don't have cupholders
      It's 5:42 A.M., do you know where your stack pointer is?
    2. Re:I'm confused by i.r.id10t · · Score: 1

      Surprisingly, "fuckits" was found 52 times, but "fuckITS", "fuckITS!" and both "fuckyouITS" and "fuckyouits" were declared "unfound".

      --
      Don't blame me, I voted for Kodos
  12. Good summary by bill_mcgonigle · · Score: 4, Insightful

    Lately I haven't been able to even parse some summaries but with this one I get a cute story and don't even need to read TFA unless I want details.

    It's like 1999 again.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  13. Damn it. by fahrbot-bot · · Score: 1

    ... "ji32k7au4a83" is a very common password among users.

    That was our first choice for a baby name, now it's out 'cause most things won't let you use your name as a password.

    --
    It must have been something you assimilated. . . .
  14. This is hilarious by ZorinLynx · · Score: 2

    What makes it even more mind blowing is that it LOOKS like a password you'd randomly type by bashing a bunch of letter and number keys.

    k92jf8j2ih22
    f8y23jk29ugwe
    ji32k7au4a83

    It doesn't even stand out!

    Such an interesting world we live in.

    1. Re:This is hilarious by AmiMoJo · · Score: 1

      It shows just how screwed up text handling is on computers. Chinese has thousands of characters, maybe 50k total although only a few thousand are in common use. But computers are mostly handling ASCII, and ASCII only reliably stores about 6 per character (a-z, A-Z, 0-9) because control characters, extended characters and punctuation are often filtered or mangled.

      This affects English speaking users too. For example, by default Microsoft's pre-boot authentication for Bitlocker defaults to a numeric PIN which can be entered with the F keys, because those are the only ones guaranteed to work no matter what language keyboard you plug in. Yubico uses the following character set for similar reasons:

      cbdefghijklnrtuvCBDEFGHIJKLNRTUV0123456789

      The USB keyboard standard is pretty awful really, but that's another story.

      Unicode might have sorted it all out, but Unicode has some severe design flaws that prevented it ever becoming universal. In particular the handling of Chinese, Japanese and Korean is badly broken and the reason why they continue to use standards like BIG5 and Shift-JIS to wedge their character sets into something that systems can process.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  15. Re:MAGA by Drishmung · · Score: 2
    https://haveibeenpwned.com/Pas...

    "MAGA"

    Oh no — pwned! This password has been seen 62 times before

    "MAGA bich"

    Good news — no pwnage found!

    --
    Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
  16. So, what is ... by PPH · · Score: 1

    ... "my luggage" translated from Mandarin?

    --
    Have gnu, will travel.
  17. Foreign language passwords by genka · · Score: 1

    This is hardly surprising. Russian profanities transliterated to English yield thousands of hits in the password database.

    1. Re:Foreign language passwords by dunkelfalke · · Score: 1

      Using just one Russian profanity at a time is doing it wrong, no matter whether for a password or for cursing. If I remember my Russian lessons correctly it should be at least three storeys high.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  18. LastPass by UziBeatle · · Score: 1

    So does this transliteration issue indicate that
    Lastpass and it's ilk have possibly been 'randomly'
    generating words and phrases in reverse Chinese?

      GOod Grief.
    SOmeone with too much time on their hands research this ASAP.

    --
    Something between the lines jumps out and bites your arm off. Soltan Gris / London
  19. Re:Translates to english? by _merlin · · Score: 5, Informative

    Because people usually turn off IME edit for password fields. For one thing, a lot of systems reject exotic characters in passwords. Also, if you need to log in from a system that doesn't have a suitable Chinese IME you're screwed if you need Chinese characters. So they turn off IME edit, select US ANSI keyboard layout, and type the keys they would for an easy-to-remember Chinese phrase. It end up looking like random letters/numbers in English.

  20. Wait, this is genius. by bistromath007 · · Score: 3, Interesting

    By getting software that makes my keyboard try to type Mandarin, picking a simple passphrase, and typing that in, I can get a password that looks like random garbage in both English and Mandarin, and I don't need to store shit in a password manager unless I REALLY want multiple passphrases.

    1. Re:Wait, this is genius. by nadass · · Score: 1

      Maybe try an entirely different language, like Arabic or Cyrillic or Hebrew. The same idea applies, though.

    2. Re:Wait, this is genius. by dunkelfalke · · Score: 1

      Cyrillic is not a language, it is an alphabet.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    3. Re:Wait, this is genius. by Cro+Magnon · · Score: 1

      That's even better. You could type a bunch of Cyrillic characters and English speakers would swear that it's Russian, while Russian speakers say "WTF", or whatever that is in Russian.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    4. Re:Wait, this is genius. by nadass · · Score: 1

      Cyrillic is not a language, it is an alphabet.

      True, but the password field doesn't know the difference.

    5. Re:Wait, this is genius. by dunkelfalke · · Score: 1

      It usually does by accepting only 7 bit ASCII characters.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    6. Re:Wait, this is genius. by dunkelfalke · · Score: 1

      This is exactly what happens in many movies.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  21. I thought there would be some clever sci-fi tie in by Fly+Swatter · · Score: 1

    Color me disappointed.

  22. Re:Translates to english? by Kippesoep · · Score: 1

    This transliteration scheme is called "bopomofo" after the first 4 sounds (b, p, m and f)

  23. Re:Translates to english? by george14215 · · Score: 1

    Pure gold!

  24. Re: Translates to english? by Anonymous Coward · · Score: 4, Informative

    Zhu yin fu hao is the Chinese keyboard super-imposed on the ASCII keyboard.

    Ji3 is u o = wo3
    2k7 is de e = de
    Au4 is mo yi 4 = mi4
    A83 is mo a 3 = ma3

    Wo3 U+6211 is the first person pronoun
    De U+7684 is the possessive
    Mi4 U+5BC6 means secret
    Ma3 U+78BC means number or code

    Taken together, "wo de mima" translates to "my password".

    The number 3 after a Mandarin word stands for the third tone. The number 4 stands for the fourth tone. The particle de is unstressed. There is no tone on an unstressed word

  25. Re:Translates to english? by Aighearach · · Score: 2

    Never read the story, that is the same as renting out your brain to whoever pays for the slavertisements.

  26. Re:Translates to english? by _merlin · · Score: 1

    Yeah, but it's a dumb thing to do because it won't display properly in a terminal and you'll have to rely on the punycoded form to deal with it.