A UK mob has collected Top 10 Most Common Passwords; soccer teams rate highly. German passwords are just as lame, with the f-word, hello and digit strings starting with 1234 rating very highly, as does treasure and, for some odd reason, Daniel (care to explain, mister?).
Dictionary-based searching works – if you aren’t going through something that monitors that sort of thing. Ophcrack will break into a Windows system by running through very large dictionaries, some of which are available only by purchase.
Perhaps read the advice on Choosing a Pretty Good Password. Myself, most of my passwords are highly insecure. But that’s only because they’re on systems I don’t give a tinker’s cuss about. The ones I do are pretty tight.
Does anyone out there use multiple, changing, strong passwords? If so, how do you keep them straight? If not, why are you toying with your security like that?
I’ll tell you this for free: I never use my own name for a password. If others want to use my name, however, that’s up to them!
I use four variations of one password. The basic is for stuff that does not matter much. Even if I cannot remember which password to use, it can only be one of four and they are many years old now. PINs are a problem for me. I know my bank PIN when it comes to pushing the buttons, but I don’t actually know what it is to write it down. One day I will be at the auto teller and the fingers just aren’t going to work and I will be in trouble.
In Australia, I think fruit names are often used, especially banana.
I’m being slightly skeptical here, but I wonder where they collected these passwords. It smells a bit off to me.
I use a variation on a theme for most of my “I don’t really care about it” type passwords – websites and the like. But I use a program called Roboform for ALL of my passwords. And given both my work and home computers are secured whenever I am not using them, then Roboform is secured…
I have used Roboform for about 4 years and was happy to purchase it – it’s probably one of the best investments I ever made!
I have normally used variations of radio callsigns I’ve had. However, work is introducing (imposing?) ‘complex passwords’ on everyone so such things will no longer be possible. Requirements include no-recycling, a minimum length and at least one number. Hence even if someone wanted a simple pw, they will no longer be able to have it.
Now I think about it, Glen’s right. What web site(s) are keeping or transmitting their passwords in such a way that this kind of information (even in aggregate) can be gathered?
The difficulty with no-recycling, minimum length, at least one number and one case change – along with other ‘security’ demands like monthly changes – is that you end up having passwords that are so hard to remember that they have to be written down.
Cathy’s workplace has dev machines that are fairly tightly locked down, and increasingly tightly locked down. And the password policies are sufficiently different (different OSes, hardware, and administrators) that picking a password that satisfies the requirements is quite a challenge. To minimize the cognitive load, some of her workmates would change their passwords x times (where x = minimum number of times before a password could be reused) and then back to the one they always used; some even used a script to make it quick and easy. Then the admins wised up, and set a minimum time between changes to a password of a day. So the developers turned to writing their passwords down.
Unintended side effects.
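As an added example (not code from the post or any of the commenters), here is a small Python model of the policy the comments describe: minimum length, at least one digit, a case change, a reject list of common passwords, a history of the last N passwords that may not be reused, and a minimum age between changes. The common-password list, the policy numbers and the sample passwords are all constructed for illustration; the iteration count is kept low so the example runs quickly and is not a production setting. The `simulate_cycling` function plays out the workaround in the post: rotating through the history and then setting the original back, with and without the one-day minimum age.

```python
"""Constructed password-policy model illustrating history, minimum age and a reject list."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed stand-in for a "most common passwords" list; a real deployment
# would load a published list of many thousands of entries.
COMMON_PASSWORDS = {
    "password", "123456", "1234", "12345678", "qwerty",
    "liverpool", "arsenal", "hallo", "schatz", "daniel", "banana",
}

MIN_LENGTH = 8          # assumed policy values, not from any real site
HISTORY_DEPTH = 5       # previous passwords that may not be reused
MIN_AGE_SECONDS = 86400 # one day between changes, as in the comment
PBKDF2_ITERATIONS = 10_000  # deliberately low for a quick demo; production uses far more


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the history never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Account:
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # (salt, digest), newest last
    last_change: Optional[float] = None  # seconds since epoch of the last accepted change


def policy_violations(candidate: str, account: Account, now: float) -> List[str]:
    """Return every reason the candidate is rejected; an empty list means accepted."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    if not any(c.isdigit() for c in candidate):
        reasons.append("no digit")
    if not (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)):
        reasons.append("no case change")
    # Strip trailing digits before the lookup so "Liverpool1" is still caught.
    if candidate.lower().rstrip("0123456789") in COMMON_PASSWORDS:
        reasons.append("in common-password list")
    if account.last_change is not None and now - account.last_change < MIN_AGE_SECONDS:
        reasons.append("changed too recently")
    for salt, digest in account.history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_hash(candidate, salt), digest):
            reasons.append("reused from history")
            break
    return reasons


def change_password(account: Account, candidate: str, now: float) -> Tuple[bool, List[str]]:
    """Apply the policy and, if it passes, record the new password in the history."""
    reasons = policy_violations(candidate, account, now)
    if reasons:
        return False, reasons
    salt = os.urandom(16)
    account.history.append((salt, _hash(candidate, salt)))
    account.last_change = now
    return True, []


def simulate_cycling(original: str, n_changes: int, step_seconds: float) -> Tuple[int, bool]:
    """Model the workaround from the post: change the password n times, then set the
    original back. Returns (how many rotations were accepted, whether the original
    was accepted again)."""
    acct = Account()
    change_password(acct, original, 0.0)
    t = 0.0
    accepted = 0
    for i in range(n_changes):
        t += step_seconds
        ok, _ = change_password(acct, f"{original}-rot{i}", t)
        accepted += int(ok)
    t += step_seconds
    ok, _ = change_password(acct, original, t)
    return accepted, ok


if __name__ == "__main__":
    # Five rotations a second apart: the minimum age blocks all of them.
    print(simulate_cycling("Wombat-7-Kettle", 5, 1))
    # Five rotations a day apart: the original drops out of the history and comes back.
    print(simulate_cycling("Wombat-7-Kettle", 5, 86400))
```

The two runs at the bottom show why the admins in the post added the minimum age: without it, a script can flush the history in seconds; with it, getting back to the old password costs as many days as the history is deep, which is the point at which people start writing passwords down.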