Abandoning passwords is not a solution just because no one can use them properly.

Biometrics may be the latest and greatest, but we all forget, under law, passwords are the only thing which can never be forced to reveal... On the account, how can you reveal something you don't know...


I'm all in favor of biometrics, but if I had the choice to choose one or the other, I'd choose passwords any day, for this main reason above... Assuming LastPass doesn't get hacked, I'm still in the good books :)
 
It's from xkcd.com

I would rather use a passphrase, but many sites these days require you to have a capital letter, number, and symbol, which I have a hard time remembering. Many still also have length limits.

With all the hacks last year, it seems like the weaknesses are more the servers than the passwords themselves.

This can help a little but I don't think it solves the big problem. You still need a lot of passwords for a lot of sites and you won't memorize them all even with the technique you suggest. Plus you need to change them periodically.
A good password manager is still a must.
But none of this (including password managers) works well for the masses - too much trouble for most people. So as others have suggested, passwords really do need to go but it's not clear what should replace them.
 

With simple brute force attacks, using longer (easy-to-remember or not, it doesn't matter) passwords is always the best way to go.

But you're forgetting that there are other password cracking methods, including using words from the dictionary. If a computer was trained to use words from a dictionary first, it would have no issues solving your horse-battery password, for example. Complexity is just as important as length.
 
What if people chose 123456 as their password for sites that they don't care if they get hacked?

Like the Facebook website. I don't have real info about myself there so I pick the easiest password that I know. This is my guess about these worst passwords.

I do that fairly commonly if I need to sign up for something that isn't going to be linked to anything that is important. I would hope these aren't leaked passwords for bank accounts, but for a site that doesn't have any personal info I don't see the problem with using a weak password rather than something that is a pain to remember.

For the sites that I actually use strong passwords I end up having to reset the password about as often as I actually remember it if I'm on a computer where it isn't saved.
 
With simple brute force attacks, using longer (easy-to-remember or not, it doesn't matter) passwords is always the best way to go.

But you're forgetting that there are other password cracking methods, including using words from the dictionary. If a computer was trained to use words from a dictionary first, it would have no issues solving your horse-battery password, for example. Complexity is just as important as length.

But there are 50,000 common English words. So four random common words versus 16 characters is way harder to crack.
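
The brute-force versus dictionary question argued in the posts above, as an added example that is not part of any forum post: it estimates a password's guess space under both attacker models and reports the smaller one. The 50,000-word list size is the figure quoted in the thread; `SAMPLE_WORDS` is a constructed stand-in for membership in such a list, and all function names are hypothetical.

```python
import math
import re

WORDLIST_SIZE = 50_000  # list size quoted in the thread (assumption)
# Constructed stand-in for "is this token in the attacker's word list?"
SAMPLE_WORDS = {"correct", "horse", "battery", "staple"}

def charset_size(pw):
    """Size of the character pool a plain brute-force search must cover."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII punctuation plus space
    return size

def brute_force_bits(pw):
    """log2 of the guesses needed to enumerate every string of this length."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def dictionary_bits(pw, words=SAMPLE_WORDS, wordlist_size=WORDLIST_SIZE):
    """log2 of the guesses for a word-by-word search, or None if pw is not
    made only of listed words. Separator choice is ignored (conservative)."""
    tokens = re.split(r"[ \-_.]", pw.lower())
    if not pw or any(t not in words for t in tokens):
        return None
    return len(tokens) * math.log2(wordlist_size)

def effective_bits(pw, words=SAMPLE_WORDS):
    """Strength against the cheaper of the two attacker models."""
    estimates = [brute_force_bits(pw)]
    d = dictionary_bits(pw, words)
    if d is not None:
        estimates.append(d)
    return min(estimates)

if __name__ == "__main__":
    for pw in ["horse-battery", "correct horse battery staple", "Tr0ub4dor&3"]:
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
```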
 
Maybe a silly question but I never used one of those tools before. (yes I admit I am too lazy) What if you want to sign in on a phone or a computer that doesn't have the tools. How will I be able to sign in if I don't know that auto generated password?

You'd use a web browser to access them.

If you sync your 1Passwords with Dropbox, yes, you can log into Dropbox.com, and access 1Password Anywhere by clicking on the html file. For this reason, my Dropbox.com password isn't as secure as I'd like. From time to time, I have to use this process to access my passwords from a computer that's not mine.
 
A silly question. But if passwords are supposed to be not known by people other than who owns them... how are such statistics available? Yes, databases obviously store them and it would be possible to access them to form trend based analytics, but shouldn't accessing them be illegal?
 
Abandoning passwords is not a solution just because no one can use them properly.

Biometrics may be the latest and greatest, but we all forget, under law, passwords are the only thing which can never be forced to reveal... On the account, how can you reveal something you don't know...


I'm all in favor of biometrics, but if I had the choice to choose one or the other, I'd choose passwords any day, for this main reason above... Assuming LastPass doesn't get hacked, I'm still in the good books :)

It might have once already.
http://www.pcworld.com/article/227268/lastpass_ceo_exclusive_interview.html
 
It's time we abandon the whole password idea. People simply can't remember and won't be bothered to enter anything long enough and random enough to be secure. We need to go to something else. Biometrics is OK but if it's hacked how do you change your fingerprint. We need some other way to assure that whoever is trying to access systems are in fact the people who should be accessing them.

The password concept is obsolete.

2 factor authentication is the answer. One part is a password, the other is something you have, i.e. fingerprint or card. One of them is hard to hack and the other can be changed.
 
"Incorrect"

That's why I use "incorrect" as my password. If I ever forget it, the computer says "Your password is incorrect", then I'm back in business.

Dan
 
This just in: Every PIN has been leaked! Here's the first 5 from the file:

0000
0001
0002
0003
0004
 
The numbers and qwerty don't surprise me, but football? and dragon? what is that about?


Also, I like how forums now have filters so if it sees that you typed your password in the message box by mistake, it changes it to "*******" that is a good feature

check it out...here is mine...

mcdaddio!&
 
1,2,3,4,5,6, eh?

What did Forrest Gump once say? Something to the effect of, "stupid is as stupid does"?

Exactly.
 
https://www.macrumors.com/2015/01/20/123456-2014-worst-password-of-the-year/

One of the most popular passwords in 2014, for example, was "123456," according to a list of leaked 2014 passwords gathered by SplashData....

[snip]

To get its list of the worst passwords in 2014, its fourth annual year of collecting password data, SplashData looked at more than 3.3 million passwords that were leaked across 2014. ...

Article Link: '123456' Named 2014's Worst Password of the Year

Um, looking at the methodology, isn't it obvious that the only passwords that this study will garner are passwords that have gotten leaked, and that "123456" would therefore turn up disproportionately to its actual use as a password, not because it is commonly used, but because it is so easily hacked (i.e. "leaked")?
 
My message forum pass is fifty times better than those.

I have several dozen passcodes that I manage just fine. Of course I know people that forget everything since they have no organization with anything.
 
Best site to check your password:

https://howsecureismypassword.net/

"It would take a desktop PC about 24 duodecillion years to crack your password."

My fingers are very thankful that I recently upgraded from an iPhone 5 to an iPhone 6.

When you have to type out passwords that are between 128 - 256 AES, it can get tedious trying to remember them, not to mention the occasional input typos. :confused:

If only my Mac was touch ID. :cool: That is another very long password that I have to type in all the time.
 