Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
'123456' and 'Password' Remain Worst Passwords of the Year for Fifth Consecutive Year
- Thread starter MacRumors
- Start date
- Sort by reaction score
I guess in this day and age you can't force people to secure their stuff, and more you can't force users to backup every time they "spill the beans" afterwards, by mentioning lost photos etc..
This will take us to the end of the earth, and back, (more than once i think)
We're still using "basic" passwords yep..
Ironically, even Apple asks you to for a password after 48 hours of not unlocking a phone or switching it on first time.... So, all this TouchID/FaceID stuff is convenient, yet even Apple can't over see the basis just yet.
When power goes out, we all turn to pen and paper too..
So the old ways still live on.
This will take us to the end of the earth, and back, (more than once i think)
We're still using "basic" passwords yep..
Ironically, even Apple asks you to for a password after 48 hours of not unlocking a phone or switching it on first time.... So, all this TouchID/FaceID stuff is convenient, yet even Apple can't over see the basis just yet.
When power goes out, we all turn to pen and paper too..
So the old ways still live on.
Last edited:
You don't know...
You know a better way?
Fact is, there's no safe way (yet), fingerprints-retina-passwords, none of them are safe, The only safe way would be if you could send a key directly from your brain to your computer, but this isn't possible (yet) and what about the connection from your computer to the URL you connect to, not safe again, don't know if there ever will be a 100% failsafe system.
Last edited:
The new password autofill feature in iOS 12
The top 10 most popular passwords of 2018:
1) 123456
2) password
3) 123456789
4) 12345678
5) 12345
6) 111111
7) 1234567
8) sunshine
9) qwerty
10) iloveyou
Article Link: '123456' and 'Password' Remain Worst Passwords of the Year for Fifth Consecutive Year
I see a lot of the same problems others mention:
- Work requiring all sorts of crazy password rules unique to each application
- No password managers allowed, so most people keep a Word doc or Excel file with all the passwords
- There are still websites that don't play nice with password managers
- Some websites are always changing things. I have no idea why, but there is one website I visit that the login in screen keeps changing, so I have like 10 entries in my password manager for that family of sites
- Many people (myself included) have a secondary junk e-mail address and stupid password (like 123456) for websites that want that info so you can have access. For example, I have strong, unique passwords that change regularly for anything that stores financial or other sensitive information, but a couple of lame passwords for things like forums.
I keep thinking we're on the verge of a post-password internet, but it always feels like one step forward and two steps back with things like password managers and MFA. Maybe someday a web standard will be developed--but as soon as that happens, the entire internet will be broken when someone cracks the standard.
- Work requiring all sorts of crazy password rules unique to each application
- No password managers allowed, so most people keep a Word doc or Excel file with all the passwords
- There are still websites that don't play nice with password managers
- Some websites are always changing things. I have no idea why, but there is one website I visit that the login in screen keeps changing, so I have like 10 entries in my password manager for that family of sites
- Many people (myself included) have a secondary junk e-mail address and stupid password (like 123456) for websites that want that info so you can have access. For example, I have strong, unique passwords that change regularly for anything that stores financial or other sensitive information, but a couple of lame passwords for things like forums.
I keep thinking we're on the verge of a post-password internet, but it always feels like one step forward and two steps back with things like password managers and MFA. Maybe someday a web standard will be developed--but as soon as that happens, the entire internet will be broken when someone cracks the standard.
Indeed yes, and it's still the most secure method to keep your date private.
It's impossible at the moment in time to scan your brain and pull out information, and I suspect will be impossible for a long long time to come.
The only person with access to what's inside your skull is you.
No sure if I fall in the "older" category, being in my 40s, but I use 1Password (and not a single password for every account).
I can safely say that I do not know the vast majority of my passwords. The only one I truly know is my Apple ID password, but I have 2FA turned on. In fact, all the accounts I have that support 2FA have it enabled.
And... I just noticed that 1Password now tells you which accounts support 2FA where it is not turned on.
There goes my evening...
The problem is that many companies choose te restrict the format and even the length of passwords. And in length I mean "maximum length".
"passwords must be between 6 and 12 characters and must contain at least a number, a lower case, a capital and a special characters, but not @# or ^".
"passwords must be between 6 and 10 characters and cannot contain spaces".
"passwords may not contain the same character twice".
What's wrong with :
"Password must be at least 8 characters but preferably 22"?
Result is, the Apple generated password is often rejected, as well as the xkcd option where you string together random words.
[doublepost=1545050724][/doublepost]
If you use a large dictionary (with easily about 50.000 of the most common words) that adds up to 3.12 x 10^23.
Am i missing something here or is "less than a second" way overstated?
"passwords must be between 6 and 12 characters and must contain at least a number, a lower case, a capital and a special characters, but not @# or ^".
"passwords must be between 6 and 10 characters and cannot contain spaces".
"passwords may not contain the same character twice".
What's wrong with :
"Password must be at least 8 characters but preferably 22"?
Result is, the Apple generated password is often rejected, as well as the xkcd option where you string together random words.
[doublepost=1545050724][/doublepost]
That's new for me. With 5 unique words there are 3000 x 2999 x 2998 x 2997 x 2996 combinations in a 3000 word dictionary. That's 2.42 x 10^17 combinations. Providing that you don't mix capitals and lower case, don't add numbers or only use spaces between the words.
If you use a large dictionary (with easily about 50.000 of the most common words) that adds up to 3.12 x 10^23.
Am i missing something here or is "less than a second" way overstated?
I like using a combination of lottery scratch ticket game names mixed with numbers. Shh... don't tell anyone.