password, 123456, #!comment:, changeme and Fuckyou
What do these words have in common?
They are the top 5 words used in brute force attempts at guessing passwords, from Microsoft via El Reg.
I've personally seen #1 and #2 on computers we use at the company where I work. We change them whenever we run across one, but who the hell knows how many computers are still on our network with weak local amin passwords.
__________________
The best way to make America great is to lower the standards!
Re: password, 123456, #!comment:, changeme and Fuckyou
This is a really gross generalization, but it seems to me that the more arcane and ridiculous a company's regular employee password requirements are, the more likely it is that they've got production machines lying around with either default or stupidly easy root passwords.
I don't know why that is. But you should totally try it, Potato.
Re: password, 123456, #!comment:, changeme and Fuckyou
I've been guilty of using "password" before, but it was nearly immpossible to change my password on some system, without getting locked out of every other program on the server. Then I'd have to call the systems guy, who charges by the hour and so on.
I'm guessing #comment is in a format, such as a comment section in a newspaper?
Re: password, 123456, #!comment:, changeme and Fuckyou
There's some kind of (COMPLETELY ACCURATE) theory that there's a point of diminishing returns from strict password policies, because the more frequently you make users change them and the more convoluted the requirements are, the more people will just write them on sticky notes and leave them right there on their monitors. Which, yeah. I've seen that.
Also done that.
Maybe #!comment; is a generic password like cypherfreak or something?
Re: password, 123456, #!comment:, changeme and Fuckyou
OMG. In a fit of temper last week I used fuckyou69 at some job-related "gimme new password" nag and I don't remember which one. I haven't been asked for that particular password yet so it's all good. I guess.
Re: password, 123456, #!comment:, changeme and Fuckyou
Quote:
Originally Posted by lisarea
There's some kind of (COMPLETELY ACCURATE) theory that there's a point of diminishing returns from strict password policies, because the more frequently you make users change them and the more convoluted the requirements are, the more people will just write them on sticky notes and leave them right there on their monitors. Which, yeah. I've seen that.
My employer makes people change their passwords for the pay info website, every month. I think at least half of the office is currently locked out of the site, myself included. I kept up with it for awhile but finally decided that the site wasn't worth it and just quit changing the password.
__________________
Much of MADNESS, and more of SIN, and HORROR the soul of the plot.
Re: password, 123456, #!comment:, changeme and Fuckyou
Where I used to work they required a password of at least 8 characters in length with at least one capital and at least one number or punctuation mark, no repeating letters or numbers and no consecutive numbers or letters and it couldn't be a derivation on the previous passwords you've used. What I would do is find a good password generator (I like the Firefox extension for this as you could make it right or left side only) and generate dozens of passwords at a time, print them out to keep handy in the wallet or sommit. The last series I made for myself using Excel and the =rand() function.
Re: password, 123456, #!comment:, changeme and Fuckyou
You could also use a password manager like KeePass to generate and store passwords under a single master password, and keep it on a thumb drive or summat.
Re: password, 123456, #!comment:, changeme and Fuckyou
Oh how i love that password bullshit. I have 27 passwords at work alone and of course they need to be changed either monthly or bi-monthly.
And of course "do not use passwords which are easy to guess" and "do not write your passwords down". How the fuck do you expect me to remember 27 different passwords, some of which I only need once a month and which are "not easy to guess". And no, we are not allowed to use password generators.
So my passwords are easy to guess AND I write them down for good measure. Oh, and you can go fuck right off, IT security person.
Re: password, 123456, #!comment:, changeme and Fuckyou
Also I like the remember my passwords feature, also a security risk. But damn, if someone breaks into my home and gets my computer, the password to Yahoo groups is not going to be my first concern.
Re: password, 123456, #!comment:, changeme and Fuckyou
When computers force me to use passwords that aren't easy to remember and have to meet some arcane standard about numbers, letters and stuff - then I just read them off my keyboard.
Normally qwerty isn't allowed, and it doesn't contain the necessary numbers - but there's nothing to stop you going down the columns instead of across the rows.
1qaz2wsx
...and if you have to use capitals and symbols, you can just press the shift key for the second column. When they make you change your password after a month, just move along one column - so say you're starting on the '4' you get:
4rfv%TGB
Please feel free to use this tip or some variant of it. I don't require payment for the advice You can send any donations to should you feel the need.
Re: password, 123456, #!comment:, changeme and Fuckyou
Quote:
Originally Posted by Stormlight
How the fuck do you expect me to remember 27 different passwords, some of which I only need once a month and which are "not easy to guess". And no, we are not allowed to use password generators.
Ive solved this problem by simply never knowing what any of my passwords actually are. every password I use consists of one starting point and a pattern.
if I wrote a 2w in my password note book, my password would be 2wsxdr5tgbhu8
2vV = 2wsxdr5TGBHU8
I also use upside down triangle patterns rotating clock wise, if I wrote down a 4 it would be 45rdxsw23
Re: password, 123456, #!comment:, changeme and Fuckyou
Quote:
Originally Posted by lisarea
You could also use a password manager like KeePass to generate and store passwords under a single master password, and keep it on a thumb drive or summat.
I've got LastPass, a Firefox addon. It makes it a lot easier if you use more than one computer as well because it remembers what you did on both.