Despite many well-publicized major data leaks in 2016 and 2017, many people continue to use weak passwords that are easily guessed.

Those two parts are exact opposites of each other. If my password's going to get leaked, I want it to be "123456" or "password" anyway.
 
In this day and age, if you're dumb enough to use 123456 as a password you deserve to have your identity stolen.

ikr? at least do 6543210

I'd argue that the system shouldn't allow weak passwords in the first place. When I see these weak passwords I think it's really a failure of the software developer, the system requirements, or security policy. You should expect the users to be lazy.

You can either have one coder do the right thing (require the software developer to enforce strong passwords), or hope that every single one of your thousands or millions of customers, employees, business partners do. The first scenario is much more realistic to me.

my bank only allows numeric 5 character passwords online. my sky tv provider only 4! it's really stupid
 
Hey guys, look what I discovered. If you try to post your password on this forum, it automatically replaces it with asterisks.

Look, this is my password: ********

Try it!
StarWarsEpisode5TheEmpireStrikesBack
Nope...doesn't work for me.



....dammit....
 
I’ve been a 1Password user for many years. Never going back to the days before I had strong, unique passwords for everything.

I've been using 1password for years as well, but I still have derivatives of a few passwords. Given that so many websites have a log in, it'd get exhausting having to switch to 1password for every damn password.

For bank info, the big complex passwords work, but I see no reason to have a super complex password for say, a forum account.
 
While I get what you're saying, rules imposed by websites infuriate me. I have a password system that allows me to have long, unique passwords for every site. It incorporates a number, a caps, and a sign. When I set my password and a website tells me that it must have at least two numbers I'm :mad:! The password is unique and 19 characters long! And you're telling me that I should use "monkey69".

Yes, some websites are super annoying and have dumb rules. I think it was Microsoft websites for a while which wouldn’t allow several of the symbols on the standard keyboard above the numbers. Not long ago I ran into a website that didn’t allow hyphens which made the Safari automatically generated password not work. I’m really not sure how in the modern computing age any ASCII symbol from 32 on wouldn’t be allowed.
 
Easily guessable, easily crackable :D

May not need they all will be attacked, but better be safe than sorry.

Just like it's 'better to be safe than sorry' to have an alarm system that could be a waste if u never get burgled at all in your life..
 
Are we getting the 'Guinness world record' for how long we can keep weak passwords for, or 123456?
 
The details could be a bit biased though. I use bad passwords (although not that bad) to sites I don't trust. LinkedIn was one of them, then lo and behold they got hacked and I didn't use one of my strong passwords (I mainly use keychain now though)
 
Why? I think they're doing a great public service for the rest of us. Why would a hacker waste time trying to crack my more secure password when there's so much easily picked low-hanging fruit? :)

LOL great one ... OK I take back my snide comment.
 
You guys call the users stupid, but any system that doesn't at least warn the user not to set "password" as a password is also stupid. And the fault is the programmer's, no matter how much techies like to blame the user. The user shouldn't have to worry about this and should trust the system to not let him create an insecure account without at least a warning.

Like why is having a password non-optional, but having a secure password is optional?
The details could be a bit biased though. I use bad passwords (although not that bad) to sites I don't trust. LinkedIn was one of them, then lo and behold they got hacked and I didn't use one of my strong passwords (I mainly use keychain now though)
Same. Make me sign up for something I don't care about, and I'm gonna make my password dddddd.
 
What is this list actually listing? The heading says they are "the worst" passwords. The description on their website says they are "commonly hacked" passwords. This article says they are "popular" passwords. So which is it? And what criteria was used to determine the ranking? Without that information this is completely useless.
 
This list shows just how stupid passwords are. People obviously hate them. The internet is not some back alley speakeasy, with secret codes to get through the door. I can hardly wait for biometrics to take over.
 
[Image: password_strength.png]
 
No, it's not...

Username: admin
Password: admin

...is the worst combination.

I get what you did here and I too think it was a huge blunder, but guessing root and leave the password section blank is harder to guess than the one I pointed out above, that's a standard on millions upon millions of devices.
It's getting better though, most ISP Modems don't have this standard login anymore.
Every router I've ever purchased other than the Apple ones has had the "admin admin" combo, even a recent one that came with a 801.11ac wifi AP. Maybe it needs to be criminalized? I don't know what's going to stop it, and the consequences are going to keep getting worse.
I'd argue that the system shouldn't allow weak passwords in the first place. When I see these weak passwords I think it's really a failure of the software developer, the system requirements, or security policy. You should expect the users to be lazy.

You can either have one coder do the right thing (require the software developer to enforce strong passwords), or hope that every single one of your thousands or millions of customers, employees, business partners do. The first scenario is much more realistic to me.
Thank you. I don't get why devs still make dumb signup systems that don't even look up the password in an English dictionary.
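
An added example, not part of the thread or any poster's code: the kind of signup-time check several posts above ask for, which rejects common, repeated-character, sequential and username-equal passwords while imposing no character-composition rules. The denylist contents, `MIN_LENGTH` and the function names are assumptions made for illustration.

```python
# Constructed sample denylist; a real deployment would load a large
# breached/common-password list instead of these few entries.
COMMON_PASSWORDS = {"123456", "password", "admin", "monkey69", "qwerty", "letmein"}
MIN_LENGTH = 8  # assumed minimum; no upper bound and no composition rules


def _is_sequence(pw: str) -> bool:
    """True if each character steps by exactly +1 or -1 (e.g. 6543210, abcdef)."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check_password(password: str, username: str = "") -> list[str]:
    """Return the reasons to reject a new password; an empty list means accept.

    Any character is allowed (hyphens, symbols, spaces), and nothing here
    demands "two numbers" or similar: only guessable choices are refused.
    """
    problems = []
    folded = password.casefold()  # "Password" is as guessable as "password"
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if folded in COMMON_PASSWORDS:
        problems.append("on common-password list")
    if username and folded == username.casefold():
        problems.append("same as username")
    if len(set(folded)) == 1:
        problems.append("single repeated character")
    if _is_sequence(folded):
        problems.append("simple sequence")
    return problems


if __name__ == "__main__":
    for user, pw in [("", "123456"), ("", "6543210"), ("", "dddddd"),
                     ("admin", "admin"), ("", "blue-kettle-7-orbit")]:
        print(repr(pw), check_password(pw, user) or "accepted")
```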
 
Far more egregious, and seldom mentioned, is the number of people who use the same primary email address (for resetting passwords) for general usage and permanently logged in on their phone.
 
My password seems to often be just clicking the reset password button.
Far more egregious, and seldom mentioned, is the number of people who use the same primary email address (for resetting passwords) for general usage and permanently logged in on their phone.

And they don't have a password on their phone. Yes, I still see people (even with Touch ID) who do not have passwords on their phone.
 
Look, this is my password: password
Hey guys, look what I discovered. If you try to post your password on this forum, it automatically replaces it with asterisks.

Look, this is my password: ********

Try it!

lol troll
I feel like most of these are on the list every year. People never learn!
Some of them are default passwords that never get changed. #DefaultRadio
 