I always recommend lyrics to songs that people like. It becomes a passphrase instead of a password, they are easy to remember for the individual, and for a lot of songwriters, it's nonsensical gibberish no one would think to try.
 
I use 1Password for nearly all my stuff (including generating passwords) but there are times I dgaf about the account/website. Or, I feel like I'm spiting a company with draconian requirements by choosing the simplest password I can while still conforming to their bs rules. I'll choose my own damn password and accept any consequences thereof, thank you.
 
It's time we abandon the whole password idea. People simply can't remember and won't be bothered to enter anything long enough and random enough to be secure. We need to go to something else. Biometrics is OK but if it's hacked how do you change your fingerprint? We need some other way to assure that whoever is trying to access systems are in fact the people who should be accessing them.

The password concept is obsolete.

If password managers like LastPass and 1Password were not available, I would agree with you. But those apps are so good and so easy to use that there's really no excuse not to have long, random, unique passwords for every site.
 
Aha. I have a lock app for sensitive media on my iPhone and I recently changed the password to 'QWERTY'. Mostly because if I want something in there, I just wanna access it quickly. But I still need it behind a locked door, so to speak. I just didn't think anybody snooping would think to try 'QWERTY.'

Still waiting for a similar kind of app which just uses TouchID to log in. THAT would be useful and quick!
 
Most passwords require eight characters or more (with a number and a capital) so my password is --
GoofymickeydonaldsneezydopeygrumpybeautyandthebeastWashingtonDC256
 
The other day I met a friend of a friend. She has an iPod touch with a password on it. It took me 1 guess to get into it, it was her birth year. People are too predictable at times.
yes, sadly this is far too common. I was visiting a friend last summer and he let me use his computer. his password turned out to be his birthday. I told him that this was an incredibly bad idea but he didn't care. he said that this was the only thing he was sure to remember.

It's time we abandon the whole password idea. People simply can't remember and won't be bothered to enter anything long enough and random enough to be secure. We need to go to something else. Biometrics is OK but if it's hacked how do you change your fingerprint? We need some other way to assure that whoever is trying to access systems are in fact the people who should be accessing them.

The password concept is obsolete.
no, it's not obsolete. things only become obsolete when something better comes along that can replace them. this hasn't happened yet to passwords.
nobody knows what should be used instead of them as you yourself mention.

Even though these passwords are really bad, almost everybody is approaching passwords the wrong way, as shown by the awesome XKCD comic above.

It will be really interesting when quantum computers hit the market and passwords are no longer safe at all. I guess we will have to go to a Touch ID system for computers.
what do quantum computers have to do with passwords? quantum computers will (at least theoretically) kill the current form of public encryption but they won't make cracking passwords any easier.
 
If password managers like LastPass and 1Password were not available, I would agree with you. But those apps are so good and so easy to use that there's really no excuse not to have long, random, unique passwords for every site.

Maybe a silly question but I never used one of those tools before. (yes I admit I am too lazy) What if you want to sign in on a phone or a computer that doesn't have the tools. How will I be able to sign in if I don't know that auto generated password?
 
I tend to side with The Oatmeal on this one. If people want crappy passwords, let them have 'em.

http://theoatmeal.com/comics/shopping_cart
 
...Despite these password managers too, no one uses them either :) they still use sticky post it notes, not even Notes on Mac would at least be better. but Sony still have a text file called "Passwords.txt"

Sony, of all people, and this is someone we buy from. Just imagine if some Apple employee did passwords this way.. (no, that would freak me out).

good to see Sony was not far behind either.. and while online password managers or even browser based ones, are better than jotting down anything, there will always be those users who reckon they know what they're doing....

Until they get hacked, that is... Maybe they learn a lesson, but chances are they won't. We live in a shady world.....

Why can't everyone just be smart ... :confused:

(also it looks like people don't know about password or complexity either)
 
Maybe a silly question but I never used one of those tools before. (yes I admit I am too lazy) What if you want to sign in on a phone or a computer that doesn't have the tools. How will I be able to sign in if I don't know that auto generated password?

1. Don't use a password manager that is not available on your phone.
2. Always take your phone and make sure it's charged when you need your password.
 
no, it's not obsolete. things only become obsolete when something better comes along that can replace them. this hasn't happened yet to passwords.
nobody knows what should be used instead of them as you yourself mention.

[Image: password_strength.png]
 
Maybe a silly question but I never used one of those tools before. (yes I admit I am too lazy) What if you want to sign in on a phone or a computer that doesn't have the tools. How will I be able to sign in if I don't know that auto generated password?

You'd use a web browser to access them
 
Most passwords require eight characters or more (with a number and a capital) so my password is --
GoofymickeydonaldsneezydopeygrumpybeautyandthebeastWashingtonDC256

C'mon. Are we supposed to believe you are a real blonde?
 
It's time we abandon the whole password idea. People simply can't remember and won't be bothered to enter anything long enough and random enough to be secure. We need to go to something else. Biometrics is OK but if it's hacked how do you change your fingerprint? We need some other way to assure that whoever is trying to access systems are in fact the people who should be accessing them.

The password concept is obsolete.

No, biometrics is not any better.
The correct security is something you know (password)
something you have (biometrics, phone etc.)

One or the other is easy to get into. Going pure biometrics is a horrible idea and just as unsecure.
 
What if people chose 123456 as their password for sites that they don't care if it gets hacked?

Like Facebook website. I don't have real info about myself there so I pick the easiest password that I know. This is my guess of these worst passwords.

Facebook integration for apps, saves and so on. With Facebook credentials you can easily bypass many other passwords, like Spotify.
 
that's a nice slide. where is it from?
it doesn't change what I said though - it just tells you how to pick good passwords instead of bad ones. it doesn't change the authentication method from passwords to something else.
It's from xkcd.com

I would rather use a passphrase, but many sites these days require you to have a capital letter, number, and symbol which I have a hard time remembering. Many still also have length limits.

With all the hacks last year, seems like the weaknesses are more the servers than the passwords themselves
 