The painful list of really lousy passwords
Year-end lists are starting to appear, and this one will hurt: the 25 worst passwords of 2011. Number one, yet again, is password.
Some companies demand a mix of alpha and numeric characters, so users get clever and use passw0rd. No hacker will think of that, right? And while 123456 may be a great password for some systems, more secure organizations require eight characters in a password. You know what's coming, don't you? 12345678. And where is ***** on the list?
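The gap between those rules and real password strength can be shown in a few lines. The sketch below is an added example, not code from the article or from SplashData: it applies the length and alpha-numeric rules described above, then a blocklist check that undoes common character substitutions. The blocklist holds only the passwords named in this article, and the substitution table and function names are illustrative assumptions.

```python
import re

# Constructed sample blocklist: only the passwords named in the article.
# Assumption: a real deployment would load a much larger list.
COMMON = {"password", "123456", "12345678"}

# Substitutions users typically make to satisfy composition rules (illustrative).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def passes_rules(pw, min_len=8, require_mix=True):
    """Composition policy: minimum length, optionally letters plus digits."""
    if len(pw) < min_len:
        return False
    if require_mix:
        return bool(re.search(r"[A-Za-z]", pw)) and bool(re.search(r"\d", pw))
    return True


def variants(pw):
    """Forms of the password to compare against the blocklist."""
    low = pw.lower()
    # Drop trailing digits and symbols, e.g. the "1!" tacked on to pass a rule.
    stem = re.sub(r"[\d\W_]+$", "", low)
    return {low, low.translate(LEET), stem, stem.translate(LEET)}


def is_common(pw):
    """True if the password, or a de-substituted form of it, is blocklisted."""
    return bool(variants(pw) & COMMON)


def accept(pw, **policy):
    """Accept only if the composition rules pass AND the blocklist check passes."""
    return passes_rules(pw, **policy) and not is_common(pw)


if __name__ == "__main__":
    # Constructed test inputs.
    for pw in ["passw0rd", "12345678", "P@ssw0rd1", "tidal-Marmot-93-quilt"]:
        print(f"{pw!r}: rules_ok={passes_rules(pw, require_mix=False)} "
              f"blocklisted={is_common(pw)} accepted={accept(pw)}")
```

Both passw0rd and 12345678 satisfy the composition rules they were invented to get around, and only the blocklist comparison rejects them.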
No wonder Facebook accounts get cracked by the hundreds of thousands each day. And for those trying to break into your significant other's Facebook account to post embarrassing status entries, you now have the 25 most likely passwords. That assumes your significant other isn't smart enough to follow even the most basic password rules.
I always liked the password "obvious". That way when people ask what the password is for something I can tell them the password is obvious. Usually good for a few minutes of back-and-forth dialogue about it not being obvious.
sonofcassandra on telegraph.co.uk
A lousy system
To what extent are stolen passwords even a meaningful threat? Most systems don't hand out shadow files to the public and don't allow large numbers of quick guesses. Russian gangs setting up zombie networks aren't going to know my cat or my wife's name or similar "easy to guess" choices.
karypm on pcworld.com
Thanks to SplashData for the list.