Why 'ji32k7au4a83' Is a Remarkably Common Password
For too many people, moving the digits around in some variation of Patriots69Lover is their idea of a strong password. So you might expect something complicated like “ji32k7au4a83” would be a great password. But according to the data breach repository Have I Been Pwned (HIBP), it shows up more often than one might expect.
This interesting bit of trivia comes from self-described hardware/software engineer Robert Ou, who recently asked his Twitter followers if they could explain why this seemingly random string of numbers has been seen by HIBP over a hundred times.
Have I Been Pwned is an aggregator that was started by security expert Troy Hunt to help people find out if their email or personal data has shown up in any prominent data breaches. One service it offers is a password search that allows you to check if your password has shown up in any data breaches that are on the radar of the security community. In this case, “ji32k7au4a83” has been seen by HIBP in 141 breaches.
Several of Ou’s followers quickly figured out the solution to his riddle. The password is coming from the Zhuyin Fuhao system for transliterating Mandarin. The reason it’s showing up fairly often in a data breach repository is that “ji32k7au4a83” translates to English as “my password.”
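The keystroke mapping behind this, as an added example that is not part of the original article: the sketch assumes the standard (Daqian) Zhuyin keyboard layout, and its function names are hypothetical. It decodes a candidate password into Bopomofo syllables so a password-policy check can flag strings that only look random on a QWERTY keyboard.

```python
# Added example. Assumed layout: standard (Daqian) Zhuyin, QWERTY key -> Bopomofo.
INITIALS = dict(zip("1qaz2wsxedcrfv5tgbyhn", "ㄅㄆㄇㄈㄉㄊㄋㄌㄍㄎㄏㄐㄑㄒㄓㄔㄕㄖㄗㄘㄙ"))
MEDIALS = dict(zip("ujm", "ㄧㄨㄩ"))
FINALS = dict(zip("8ik,9ol.0p;/-", "ㄚㄛㄜㄝㄞㄟㄠㄡㄢㄣㄤㄥㄦ"))
# Tone keys end a syllable; the space bar is first tone and carries no mark.
TONES = {"3": "\u02c7", "4": "\u02cb", "6": "\u02ca", "7": "\u02d9", " ": ""}


def decode_zhuyin_keys(text):
    """Return the Bopomofo syllables typed by `text`, or None if the string
    is not a well-formed sequence of Zhuyin keystrokes.

    A syllable is [initial][medial][final] followed by a tone key, with at
    least one symbol before the tone. The check is strict: a trailing
    syllable without a tone key is rejected.
    """
    syllables, current, stage = [], "", 0  # stage = slots already consumed
    for ch in text.lower():
        if ch in TONES:
            if not current:          # tone key with nothing before it
                return None
            syllables.append(current + TONES[ch])
            current, stage = "", 0
        elif ch in INITIALS and stage == 0:
            current, stage = current + INITIALS[ch], 1
        elif ch in MEDIALS and stage <= 1:
            current, stage = current + MEDIALS[ch], 2
        elif ch in FINALS and stage <= 2:
            current, stage = current + FINALS[ch], 3
        else:                        # unmapped key or symbol out of order
            return None
    return syllables if syllables and not current else None


def is_zhuyin_password(password, min_syllables=2):
    """Policy helper: True when the password decodes to Zhuyin syllables."""
    syllables = decode_zhuyin_keys(password)
    return syllables is not None and len(syllables) >= min_syllables


if __name__ == "__main__":
    # Inputs taken from the article and comments on this page.
    for candidate in ("ji32k7au4a83", "qazwsxedc", "Patriots69Lover"):
        print(candidate, "->", decode_zhuyin_keys(candidate))
```

The four decoded syllables read wo3 de5 mi4 ma3; a password policy can treat any string that decodes this cleanly as a phrase rather than as random characters.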
Now if only there were one super secure password everyone could use so we would all be safe.
[There is! But it would require over 55 hours (at 5 characters per second) to type it in. --Ed.]
(Score: 4, Interesting) by darkfeline on Wednesday March 06 2019, @07:08AM (2 children)
As an addendum to this subject, you're not clever. Whatever scheme you have come up with for passwords, someone else has come up with also. Multiple people, in fact, including password cracker developers.
These include various patterns on common keyboard layouts (qazwsxedc), various permutations, rotations, and substitutions on numbers, letters, "calculating" your password based on the website name, quotes from books, the first letters of a string of words or sentences, and so on.
You can't beat Bayes. Only a long randomly generated password is safe.
Join the SDF Public Access UNIX System today!
(Score: 1, Funny) by Anonymous Coward on Wednesday March 06 2019, @09:53AM
If you can beat a dead horse, then why can't you beat a dead mathematician?
(Score: 0) by Anonymous Coward on Wednesday March 06 2019, @05:25PM
One of the benefits of being inducted into a gang when I was young - I doubt any hackers know anything about it. My string of numbers, letters, and symbols is meaningful and easily-remembered, but looks like randomness to anyone else.