The other day I met a friend of a friend. She has an iPod touch with a password on it. It took me 1 guess to get into it: it was her birth year. People are too predictable at times.
 
Diceware is a good way to create secure passwords that are (relatively) easy to remember.

http://world.std.com/~reinhold/diceware.html

And if you want the convenience of high-quality random numbers without actually rolling dice, you can use:

https://www.random.org/integers/?num=100&min=1&max=6&col=5&base=10&format=html&rnd=new

(Note that if someone is able to observe or intercept your random numbers -- whether you're rolling dice or visiting a web site -- that would fundamentally weaken your password. Also, use that web site only to the extent you trust them -- if they guessed you were using the numbers to create diceware passwords they could feed you numbers of their choosing, leading to passwords that they could guess.)

Here are some examples of 3, 4, and 5 word phrases to give you an idea.
(In this variant, I put dashes between words and capitalize the first letter -- these are mainly to satisfy common password restrictions and don't change the strength of the password a lot.)

Code:
oj, calve, craig                 Oj-calve-craig 
doom, from, yi                   Doom-from-yi 
nit, minot, peel                 Nit-minot-peel 
illume, saul, doom               Illume-saul-doom 
olive, cider, oscar, amen        Olive-cider-oscar-amen 
inset, many, lh, awn             Inset-many-lh-awn 
ca, windy, folly, snort          Ca-windy-folly-snort 
libido, pz, thug, gay, )         Libido-pz-thug-gay-) 
argon, iy, omaha, mulct, razor   Argon-iy-omaha-mulct-razor 
gold, strafe, bring, cetera, is  Gold-strafe-bring-cetera-is

Hopefully this is obvious, but you should only use ones you generate yourself, never ones that someone else generated.
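One way to carry out the procedure described above in code, as an added example that is not the post's or Diceware's own code: it parses the standard list format, rolls five dice with the OS random source, and applies the dash-and-capital formatting of the variant shown. The five-entry word list is constructed for illustration; the real list is the file linked above.

```python
"""Diceware passphrase generation, as an added example (not the post's code).
Parses the list's 'key<TAB>word' format, rolls five dice with the OS CSPRNG,
and formats the result the way the post's variant does.
"""
import math
import secrets

LIST_SIZE = 6 ** 5  # 7776 entries in a Diceware list

# Constructed sample in the real file's format; the actual list is at
# the URL in the post and is 7776 lines long.
SAMPLE_LIST = """11111\ta
11112\ta&p
41526\tcalve
52365\tcraig
61666\toj
"""

def load_wordlist(text):
    """Parse 'key<TAB>word' lines into a dict keyed by the five-digit roll."""
    words = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, word = line.split(None, 1)
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"bad key: {key!r}")
        words[key] = word
    return words

def roll_key(randbelow=secrets.randbelow):
    """Five dice rolls -> lookup key such as '41526'. Inject a fake for tests."""
    return "".join(str(randbelow(6) + 1) for _ in range(5))

def format_phrase(words):
    """The post's variant: join with dashes, capitalise the first letter only."""
    return "-".join(words).capitalize()

def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of an n-word phrase: log2(list_size) per word (~12.9 bits)."""
    return n_words * math.log2(list_size)

def generate(n_words, wordlist, randbelow=secrets.randbelow):
    """Roll n_words keys and return (raw words, formatted phrase)."""
    words = [wordlist[roll_key(randbelow)] for _ in range(n_words)]
    return words, format_phrase(words)
```

With the full list loaded, `generate(5, wordlist)` yields about 64.6 bits of entropy; the fake `randbelow` hook exists only so the rolls can be checked deterministically.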
 
It's time we abandon the whole password idea. People simply can't remember and won't be bothered to enter anything long enough and random enough to be secure.

Tell me about it, I have no idea how many times I had to reset my family members' Apple ID password. "What's an Apple ID?" "What are those security questions? How does it know where I was born? That's creepy."


lol, literally everyone I know's passcode is their birthday, or none at all, like "whatever... if I lose it, the phone is gone anyway".
 

XKCD: Password Strength

[Image: password_strength.png]

It has been implemented here: https://xkpasswd.net/
 
I haven't seen very many sites since like 2006 that either accepted less than 8 characters, or only numbers.

True. I think the problem is that many people created some sort of account prior to 2006 (or before the time that a >8-character alphanumeric password was strictly enforced). The websites never bothered to ask people to change, so they just kind of kept using the same old password.
 
Even though these passwords are really bad, almost everybody is approaching passwords the wrong way, as shown by the awesome XKCD comic above.

It will be really interesting when quantum computers hit the market and passwords are no longer safe at all. I guess we will have to go to a Touch ID system for computers.
 
What if people chose 123456 as their password for sites that they don't care about if they get hacked?

Like the Facebook website. I don't have real info about myself there, so I pick the easiest password that I know. That's my guess about these worst passwords.
 
When I get a newer iPhone I will change my password to a complex one. As it is now, no one has ever guessed it. Without Touch ID, I can't be bothered typing in a 10+ character password every time I want to check my phone.
 

Having a simpler password on your phone is probably okay because it is different from a password stored online, where the hash could potentially be accessed by a hacker and cracked.
 
What about the method where there is a picture and you draw shapes, with a mouse or pointer, over the image in various places?

That's far, far easier for a human to remember.

Is that not better? It takes a few swipes over an image to get in.
 

Ah ok. Well the passwords I use online are about as complicated as I can make them.
 

It's not so much that, as the absurdity that most sites that enforce password rules have a character limit. I ****ing hate password rules to begin with, but what I hate even more is limits.

Because of all these rules, I HAVE to use 1Password to generate it. So every site has a unique, machine-readable mess of characters, which is completely the opposite of what a password should be.

It's time for a password mechanism to be rolled into HTML5 and built into the browser, so that I am identified by my hardware rather than email+password. (Same with iOS, btw. I have a thumb! Why do I need to type in a password!)
 
What I wanna know is what f... are SplashData doing with a known list of passwords we are using? Isn't this supposed to be a secure password manager?
 