I've gotta think these are circular reports

In today's age, I gotta think this report is poisoned by circular reporting. You dumped the data, which then gets re-dumped, re-posted, and then "re-hacked," "Re-Leaked," "Re-released." As most websites and IIS servers won't allow 123456 and don't allow less than 8, and we see these lists now every year, it just seems less plausible.

Also, I use a level of sophistication driven by the type of system. My banking password is upper, lower, special char, and follows no system (keyboard, words, etc). However, my hotspot password is literally easy since if you're physically within RF range of my house I can see you and I actively monitor my LAN IP list. I share pw with roommates so a sophisticated pw means countless, "What's the PW again?" conversations I don't want.

Social media PW is between the two, and I don't use the same one. (e.g. unlike CENTCOM, you can't hack my Twitter and FB at the same time) :)
 
Okay...off to google "two-factor authentication"...:D

Here's the help page at the Dropbox site:

https://www.dropbox.com/help/363

There are a number of ways to use it. I use the Google Authenticator app on my iPhone. But, you can also just have it send you a text message when you log in from a previously unknown device.

Two-factor authentication is basically: enter your password, and a second token that changes regularly, and is only accessible to you.

I use it everywhere I can. Apple offers it now (send the second factor to a registered device), as does Google, and almost every major US bank.
 
Here's the help page at the Dropbox site:

https://www.dropbox.com/help/363

There are a number of ways to use it. I use the Google Authenticator app on my iPhone. But, you can also just have it send you a text message when you log in from a previously unknown device.

Two-factor authentication is basically: enter your password, and a second token that changes regularly, and is only accessible to you.

I use it everywhere I can. Apple offers it now (send the second factor to a registered device), as does Google, and almost every major US bank.


Except Citibank and US Bank...
 
OK, let me tell you again.
Keeping 3-5 passphrases is very bad because you use the same password for many sites. If just one of the social sites gets hacked, all the other ones are immediately in danger. Same for banks etc. I never do that.

As for your other point about password managers, if you only have a single computing device then you can certainly have problems if you travel and it breaks. But who does that these days? People always have at least two when they travel - a laptop and a phone or a tablet. I certainly do and I've never had two of them die at the same time. On my last trip to Europe, which lasted 2+ months, I had my MBP, my iPhone and my iPad. The MBP died but I had no problems using 1Password because the other two devices were just fine. This is not a real issue for most people.

My work laptop doesn't have it because my company doesn't allow personal files/programs and will delete it.

Not everyone has the situation you think. Sometimes I fly with just my phone and a notebook (one with pages, not a battery)
 
It's time for a password mechanism to be rolled into HTML5, and be built into the browser, so that I am identified by my hardware, rather than email+password. (Same with iOS, btw. I have a thumb! Why do I need to type in a password!)

What happens if I need to access my account on a different computer? Like my university's library or something? How does the hardware work that way?
 
With simple brute force attacks, using longer (easy-to-remember or not, it doesn't matter) passwords is always the best way to go.

But you're forgetting that there are other password cracking methods, including using words from the dictionary. If a computer was trained to use words from a dictionary first, it would have no issues solving your horse-battery password, for example. Complexity is just as important as length.

Not necessarily. The average person uses something like 3500 words in their typical vocabulary, and can identify something like 10-20,000 depending on their education level. Let's use the 3500 number just to keep any estimates conservative.

Treat each word as its own letter. A 5-word password would have 3500^4 combinations or ~1.5 * 10^14 combinations. A typical "complex" password usually requires 3 of the following: A capital letter, a lower case letter, a number, and a symbol. Let's assume a 8-character combination of capital, lowercase, and numbers. That would be 62^8 possible combinations, or ~2.2 * 10^9 combinations.

That's not taking into account that many "complex" passwords will follow some sort of pattern (for example, a common word with the first letter capitalized and a number or two tacked on). And that one can easily remember a passphrase of more than 4 words, and do things like capitalizing each word (exponentially increasing the number of possible combinations). Just adding 1 word for example would increase the number of combinations to 5.3*10^17.

Passphrases would be more secure than our current system while being easier to remember. They're just a bit harder for computers and databases to deal with.
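The search-space comparison debated in the posts above, carried through as an added example (not part of any post) for an attacker who already knows the scheme and treats each dictionary word as one symbol. It assumes words and characters are chosen uniformly at random; the 3500-word vocabulary comes from the thread, while the guess rate is an assumed figure for an offline attack.

```python
import math

VOCAB = 3500             # working vocabulary size used in the thread
GUESSES_PER_SEC = 1e10   # assumption: offline guessing rate against a fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(symbols, length):
    """Candidates an attacker must cover when each position is an independent pick."""
    return symbols ** length


# Each scheme is sized the way a scheme-aware attacker would enumerate it.
SCHEMES = {
    "8 random chars from A-Z, a-z, 0-9": keyspace(62, 8),
    "4 random dictionary words": keyspace(VOCAB, 4),
    "5 random dictionary words": keyspace(VOCAB, 5),
    # The common pattern mentioned in the thread: one word, first letter
    # capitalized, followed by one digit (10 options) or two digits (100).
    "Capitalized word + 1 or 2 digits": VOCAB * (10 + 100),
}


def report(rate=GUESSES_PER_SEC):
    """Return (name, keyspace, entropy bits, years to exhaust), weakest first."""
    rows = []
    for name, space in SCHEMES.items():
        years = space / rate / SECONDS_PER_YEAR
        rows.append((name, space, math.log2(space), years))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    for name, space, bits, years in report():
        print(f"{name:36s} {space:9.2e} guesses {bits:5.1f} bits {years:9.2e} years")
```

The figures hold only for random selection: a passphrase built from a famous quote or a personally meaningful phrase falls to a far smaller candidate list than the keyspace suggests.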
 