
SoylentNews is people

posted by Fnord666 on Friday December 14 2018, @09:40AM
from the hunter2 dept.

The Worst Passwords of 2018 are Just as Dumb as You'd Expect

"Password" will never be a good password. Period.

[...] It doesn't look like we're getting any smarter about our passwords.

On Thursday, software company SplashData released its annual list of the Top 100 worst passwords, and it includes some pretty obvious blunders. Coming in at No. 1 is, you guessed it, "123456," and in second place is, yup, "password." This is the fifth year in a row these passwords have held the top two spots.

Newcomers to the list include "666666" (No. 14), "princess" (No. 11) and "donald" (No. 23).

[...] To compile its list, SplashData evaluated more than 5 million leaked passwords, mostly from users in North America and Western Europe. The company estimates that about 10 percent of people have used at least one of the Top 25 worst passwords, and about 3 percent have used "123456."

[...] Here are the 25 worst passwords of 2018, according to SplashData:

1) 123456
2) password
3) 123456789
4) 12345678
5) 12345
6) 111111
7) 1234567
8) sunshine
9) qwerty
10) iloveyou
11) princess
12) admin
13) welcome
14) 666666
15) abc123
16) football
17) 123123
18) monkey
19) 654321
20) !@#$%^&*
21) charlie
22) aa123456
23) donald
24) password1
25) qwerty123


  • (Score: 2, Insightful) by Anonymous Coward on Friday December 14 2018, @02:20PM (3 children)


    These ratings do not reflect reality well in the modern Internet economy, when CEOs play pocket billiards to the rising number of registered users, and to download a f..n driver you need to sign up to 6 services. Here people just go with 12345678 using a one-time account.
    I wrote a small blog post about it some time ago, but I don't know whether URLs are supported, so I'll summarize the experiment here: There is a service C., where users may share and download files, but only files below 1MB are free to download - larger ones require a free account.
    The procedure to create an account is as follows: First, it says that the password has to be at least 8 characters long. Then, if you enter numbers only, it informs you that at least a single letter is needed. The account name by default is the username from the e-mail address. So I decided to try to harvest accounts using usernames generated from one of the well-known temporary e-mail services (bXXXXXXX where X are digits). After a few days of trying I found about 500 accounts with no files, probably made to download one file.
    Let's try to bruteforce into them. We have the 8-character information, and then the information about a letter, so the dictionary was:
    12345678a
    a12345678
    And that was all. Got about 90 working accounts.
    So what? Yes, there are poor passwords. But they are used with responsibility - for poor resources.

  • (Score: 0) by Anonymous Coward on Friday December 14 2018, @02:30PM (1 child)


    I wrote a small blog post about it some time ago, but I don't know whether URLs are supported

    You aren't sure if this site supports links?

  • (Score: 1, Touché) by Anonymous Coward on Friday December 14 2018, @05:01PM


    I wrote a small blog post about it some time ago, but I don't know whether URLs are supported

    If you posted a link to your blog you no longer would fulfill the "anonymous" portion of AC.
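
The sign-up rule described in the first comment (at least 8 characters, at least one letter), checked against the article's Top 25 list. This is an added example, not part of the article or of any comment. The function names and the `MAX_AFFIX` padding heuristic are assumptions made for illustration.

```python
# Top 25 as printed in the article above (SplashData, 2018).
TOP25 = """123456 password 123456789 12345678 12345 111111 1234567 sunshine
qwerty iloveyou princess admin welcome 666666 abc123 football 123123 monkey
654321 !@#$%^&* charlie aa123456 donald password1 qwerty123""".split()

MAX_AFFIX = 2  # assumption: ignore up to 2 extra characters around a listed password


def composition_rule(pw: str) -> bool:
    """Sign-up rule from the first comment: >= 8 characters, at least one letter."""
    return len(pw) >= 8 and any(c.isalpha() for c in pw)


def blocklist_rule(pw: str, blocklist=TOP25) -> bool:
    """Composition rule plus rejection of listed passwords and near-variants."""
    if not composition_rule(pw):
        return False
    low = pw.lower()
    for entry in blocklist:
        # Rejects exact hits and a listed password padded with a short
        # prefix or suffix, e.g. "12345678" + "a".
        if entry in low and len(low) - len(entry) <= MAX_AFFIX:
            return False
    return True


def slips_through(candidates, blocklist=TOP25):
    """Passwords the composition rule accepts but the blocklist rule rejects."""
    return [pw for pw in candidates
            if composition_rule(pw) and not blocklist_rule(pw, blocklist)]


if __name__ == "__main__":
    # Constructed sample: the Top 25, the two strings from the comment,
    # and one long passphrase for contrast.
    sample = TOP25 + ["12345678a", "a12345678", "correct horse battery staple"]
    for pw in slips_through(sample):
        print("accepted by composition rule, rejected by blocklist:", pw)
```

Eight of the Top 25 satisfy the length-plus-letter rule on their own, which is why a list check at registration catches what a composition rule does not.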