Why 'ji32k7au4a83' Is a Remarkably Common Password
For too many people, moving the digits around in some variation of Patriots69Lover is their idea of a strong password. So you might expect something complicated like” “ji32k7au4a83” would be a great password. But according to the data breach repository Have I Been Pwned (HIBP), it shows up more often than one might expect.
This interesting bit of trivia comes from self-described hardware/software engineer Robert Ou, who recently asked his Twitter followers if they could explain why this seemingly random string of numbers has been seen by HIBP over a hundred times.
Have I Been Pwned is an aggregator that was started by security expert Troy Hunt to help people find out if their email or personal data has shown up in any prominent data breaches. One service it offers is a password search that allows you to check if your password has shown up in any data breaches that are on the radar of the security community. In this case, “ji32k7au4a83" has been seen by HIBP in 141 breaches.
Several of Ou’s followers quickly figured out the solution to his riddle. The password is coming from the Zhuyin Fuhao system for transliterating Mandarin. The reason it’s showing up fairly often in a data breach repository is because “ji32k7au4a83" translates to English as “my password.”
Related: The password “ji32k7au4a83” has been seen over a hundred times, and the password "ji32k7au4a83" looks like it'd be decently secure, right?
Now if only there were one super secure password everyone could use so we would all be safe.
[There is! But it would require over 55 hours (at 5 characters per second) to type it in. --Ed.]
(Score: 3, Informative) by Anonymous Coward on Wednesday March 06 2019, @05:07AM (3 children)
I'm seeing all these comments, especially the one linking to XKCD and the one about unreadable passwords. The whole point of the articles is to point out that the above password is a standard encoding in Taiwan for the phrase "my password" in Chinese. Not very secure and I'm sure the blackhats that are out there, especially those targeting those who write using that encoding, were already well aware of this one and had it in their dictionary.
(Score: 3, Insightful) by maxwell demon on Wednesday March 06 2019, @07:05AM (1 child)
On the XKCD link: If there's anything about passwords, someone will post the link. It's just how the internet works.
I didn't actually follow the link because I'm reasonably sure it's the "correct hose battery staple", again.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by FatPhil on Wednesday March 06 2019, @07:59AM
That's one reason I hate that XKCD - it overlooks the very point it's trying to make. We think, and remember, conceptually, rather than verbatim. Rndom common words are just as liable for misremembering as random characters. Also, his scheme is utterly childsplay to crack with rainbow tables.
y advice is to understand the strengths and weaknesses of the common schemes, and then create a blend that is memorable to you. There's entropy in the choice of scheme, and "4 common words" probably carries as little entropy as "common word leetified followed by number".
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by zocalo on Wednesday March 06 2019, @08:14AM
UNIX? They're not even circumcised! Savages!