password, 123456, #!comment:, changeme and Fuckyou

[Zehava]

What do these words have in common?

They are the top 5 words used in brute force attempts at guessing passwords, from Microsoft via El Reg.

I've personally seen #1 and #2 on computers we use at the company where I work. We change them whenever we run across one, but who the hell knows how many computers are still on our network with weak local amin passwords.

[viscousmemories]

I've seen 1, 2 and 4. I've never seen 3 or 5. I don't even understand 3 actually.

[Potato]

None of those meet the minimum password requirements where I work.

People really use "123456" eh?

[Corona688]

That's amazing! I've got the same one on my luggage!

[Zehava]

Quote:

Originally Posted by Potato

None of those meet the minimum password requirements where I work.

People really use "123456" eh?

Yes they do, and frankly we still use that here for certain users (i.e. the company truck drivers) who have trouble even powering on a computer. Of course that is just a temporary password and they must change it whenever they log on.

[lisarea]

This is a really gross generalization, but it seems to me that the more arcane and ridiculous a company's regular employee password requirements are, the more likely it is that they've got production machines lying around with either default or stupidly easy root passwords.

I don't know why that is. But you should totally try it, Potato.

[Qingdai]

I've been guilty of using "password" before, but it was nearly immpossible to change my password on some system, without getting locked out of every other program on the server. Then I'd have to call the systems guy, who charges by the hour and so on.

I'm guessing #comment is in a format, such as a comment section in a newspaper?

[Qingdai]

In other words, I agree with Lisarea. AGAIN.

[BrotherMan]

Sucks, doesn't it.

[Ensign Steve]

We seriously had Password1 as the root password on the ET web page for months. It was the only thing all the developers could remember.

[Deadlokd]

No one will ever guess my password! Not that they need to, they can just read it off the monitor.

[Ensign Steve]

library!

[Ari]

After fighting with an Oracle upgrade at work my GF changed her (non admin account) password to Fuckyou2.

[Dingfod]

I'm going through all the cars I've owned in my life. I'm up to 75-Landcruiser now. That means about 20 more before I start recycling them.

[Ymir's blood]

I used to have all the security questions on one site answered, "fuckoff____" with the space being whatever noun the site was asking for.

[lisarea]

There's some kind of (COMPLETELY ACCURATE) theory that there's a point of diminishing returns from strict password policies, because the more frequently you make users change them and the more convoluted the requirements are, the more people will just write them on sticky notes and leave them right there on their monitors. Which, yeah. I've seen that.

Also done that.

Maybe #!comment; is a generic password like cypherfreak or something?

[Ymir's blood]

Quote:

Originally Posted by lisarea

There's some kind of (COMPLETELY ACCURATE) theory that there's a point of diminishing returns from strict password policies, because the more frequently you make users change them and the more convoluted the requirements are, the more people will just write them on sticky notes and leave them right there on their monitors. Which, yeah. I've seen that.

My employer makes people change their passwords for the pay info website, every month. I think at least half of the office is currently locked out of the site, myself included. I kept up with it for awhile but finally decided that the site wasn't worth it and just quit changing the password.

[SharonDee]

OMG. In a fit of temper last week I used fuckyou69 at some job-related "gimme new password" nag and I don't remember which one. I haven't been asked for that particular password yet so it's all good. I guess.

[BrotherMan]

Where I used to work they required a password of at least 8 characters in length with at least one capital and at least one number or punctuation mark, no repeating letters or numbers and no consecutive numbers or letters and it couldn't be a derivation on the previous passwords you've used. What I would do is find a good password generator (I like the Firefox extension for this as you could make it right or left side only) and generate dozens of passwords at a time, print them out to keep handy in the wallet or sommit. The last series I made for myself using Excel and the =rand() function.

[lisarea]

You could also use a password manager like KeePass to generate and store passwords under a single master password, and keep it on a thumb drive or summat.

[Watser?]

Quote:

Originally Posted by lisarea

You could also use a password manager like KeePass to generate and store passwords under a single master password, and keep it on a thumb drive or summat.

I've got LastPass, a Firefox addon. It makes it a lot easier if you use more than one computer as well because it remembers what you did on both.

[slimshady2357]

If someone forgets their password repeatedly at work, my boss will set it to 'remember' so that they... well... remember it

One lady phoned up a couple of weeks ago and asked if there was a way she could change her password, she didn't like having it as 'remember'. Why?

Wait for it.........

show spoiler

she couldn't remember how to spell remember.

[Ari]

Quote:

Originally Posted by slimshady2357

show spoiler

she couldn't remember how to spell remember.

Actually that's a good technique. A few of my passwords are normal words that are misspelled. Less chance a dictionary crack will break them, but I can still easily remember what they are.

[viscousmemories]

Quote:

Originally Posted by Watser?

Quote:

I've got LastPass, a Firefox addon. It makes it a lot easier if you use more than one computer as well because it remembers what you did on both.

I've been using RoboForm for a few weeks.

The Good: There is a version of RoboForm and its related synchronization software for my home PC, for my iPhone, and another for the U3 Smart platform on my USB key. Thus I have all my passwords available to me on all the devices I commonly use.

The Bad: I didn't realize it was free only for a trial period and ridiculously overpriced (with separate licenses required for each piece on each device) after that, so it has been nagging me and/or failing to work lately.

I'm not sure what I'll do now. I used to use KeePass but the mobility was never great with that one. With RoboForm all I have to do is set a new password and sync it with their online service, then I have it everywhere.

[BrotherMan]

Quote:

Originally Posted by ceptimus

Please feel free to use this tip or some variant of it. I don't require payment for the advice You can send any donations to should you feel the need.

Quote:

Originally Posted by roastelk

Ive solved this problem by simply never knowing what any of my passwords actually are. every password I use consists of one starting point and a pattern.

if I wrote a 2w in my password note book, my password would be 2wsxdr5tgbhu8

2vV = 2wsxdr5TGBHU8