The sad, sad passwords used by Ashley Madison users

Password leaks are usually cringe-worthy, but these leaked passwords are especially interesting

Hundreds of security breaches later, we still, as a population, haven't learned much about creating more secure passwords. The top 50/100 passwords for most password leaks tend to be the same disturbingly weak ones (you know, "1234"). With the well-publicized Ashley Madison hack of about 36 million potential passwords, we see the same mistakes, but also some entertaining choices.

CynoSure Prime analyzed an 11.7 million subset of the 36 million passwords revealed and found that the majority of them are very simple, with just lowercase letter or lowercase with numbers. The shortest password cracked had just a 1 character length! And over 630,000 accounts had the same password as the username. That's just insane. Even my 9-year old knows to use a different password than the username.

Possibly suspicious accounts used common passwords like "hello," "asdfg," "123456," and "iloveyou." Besides these old standards, though, a CynoSure Prime found some entertaining ones:

Those that think adding a few more words to the word password makes it harder to crack:
mypasswordispassword
superhardpassword
thebestpasswordever
thisisagoodpassword
 
Those that are having doubts about using the site:
ishouldnotbedoingthis
ithinkilovemywife
thisiswrong
whatthehellamidoing
whyareyoudoingthis
cheatersneverprosper
donteventhinkaboutit
isthisreallyhappening
 
Those that are in denial:
likeimreallygoingtocheat
justcheckingitout
justtryingthisout
goodguydoingthewrongthing
 
Those who think this is a dating site:
lookingfornewlife
friendswithbenefits
 
Those who trusted AM:
youwillneverfindout
youwillnevergetthis
secretissafewithme
 
Passwords from xkcd (https://xkcd.com/936/):
batteryhorsestaple
correcthorsebatterystaple
 

Those that might have figured out what AM is doing:

nothingfound
theywererobots
nobodyhere

I left out the last "other funnies" section to make this safe for work.

The password you choose can be used to instill habits or reinforce beliefs. They can also sometimes offer psychological insights. It's probably a good idea to not choose your password based on obvious aspects of the site, e.g., 123456ashleymadison, but I suppose these are some alternative passwords that wouldn't be reused on other sites, so that's a good thing? Yeah, try to avoid predictable passwords.

[via ArsTechnica]

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon