SoylentNews is people
SoylentNews
The Worst Passwords of 2018 are Just as Dumb as You'd Expect;
"Password" will never be a good password. Period.
[...] It doesn't look like we're getting any smarter about our passwords.
On Thursday, software company SplashData released its annual list of the Top 100 worst passwords, and it includes some pretty obvious blunders. Coming in at No. 1 is, you guessed it, "123456," and in second place is, yup, "password." This is the fifth year in a row these passwords have held the top two spots.
Newcomers to the list include "666666" (No. 14), "princess" (No. 11) and "donald" (No. 23).
[...] To compile its list, SplashData evaluated more than 5 million leaked passwords, mostly from users in North America and Western Europe. The company estimates that about 10 percent of people have used at least one of the Top 25 worst passwords, and about 3 percent have used "123456."
[...] Here are the 25 worst passwords of 2018, according to SplashData:
1) 123456
2) password
3) 123456789
4) 12345678
5) 12345
6) 111111
7) 1234567
8) sunshine
9) qwerty
10) iloveyou
11) princess
12) admin
13) welcome
14) 666666
15) abc123
16) football
17) 123123
18) monkey
19) 654321
20) !@#$%^&*
21) charlie
22) aa123456
23) donald
24) password1
25) qwerty123
(Score: 5, Insightful) by MrGuy on Friday December 14 2018, @01:43PM (2 children)
If I'm being required to sign up to get access to something on a site, and there's no commerce or PII implications (i.e. they don't know anything about me other than my e-mail), then I have a weak throwaway password I don't mind seeing compromised that I used for quite some time (i.e. before I got a password manager, when having a strong password became as easy as having a weak one). I didn't feel like generating/remembering a strong password for a site I used only occasionally when I didn't really care if my account got "compromised."
(Score: 2) by VLM on Friday December 14 2018, @01:55PM (1 child)
I do almost the same thing, with the slight variation that if I know they don't save payment information for one click re-ordering, I'll use the generic password for casual shopping.
Tis the season to order gift baskets for my clients and distant (physically or otherwise...) relatives and that's not (yet) an amazon thing. Why? Thats an excellent question as however much amazon Inc might suck, their UI experience is near perfection.
In theory a dedicated and extremely bored hacker could figure out my wife's login info at one of the bazillion gift basket companies, log in as her, find the historical shipping info, and get a fraction of my client and relative list. I suppose the worst thing someone could do is find the IT director who's gluten-free like my kid is, then use his own money (because the site doesn't store payment information) and send the poor guy a loaf of organic artisan whole wheat bread or similar. Thats about as bad as it gets, I guess. I suppose the attacker, using his own money, could make the message something like "F U celiac is a fake disease" to piss him off, or frankly more likely he'd laugh at me.
Its not a terribly useful or realistic attack vector. I mean, why steal my gift basket login when you could steal my AWS account or my brokerage account info?
(Score: 2) by Freeman on Friday December 14 2018, @04:47PM
I have no idea what UI you're referring to, because I've used the Amazon UI and it sucks. Just look at the search and filter options available from Newegg, then compare that with the features for Amazon. Also, Amazon sticks random junk up in my face all the time. No, I don't want some random piece of junk that has no bearing on what I'm searching for, thanks. Amazon definitely has some things going for it, their UI, isn't one of them. I also try to avoid purchasing things from the Amazon Empire as much as possible.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"