The worst passwords of 2023 are also the most common, “123456” comes in first::undefined

  • brygphilomena@lemmy.world
    link
    fedilink
    English
    arrow-up
    81
    ·
    1 year ago

    only one – “theworldinyourhand” – is virtually uncrackable. It is the number 173 most common password and would take centuries to guess using brute force.

    Not anymore. That would get moved towards the top of the rainbow table now.

    • Toribor@corndog.social
      link
      fedilink
      English
      arrow-up
      27
      ·
      1 year ago

      Pass phrases for the passwords you have to type by hand, automatically generated passwords for the things that can autofill from a password manager, MFA for everything that supports it.

      Anything less or any password reuse is just asking for trouble.

      • JustAnotherRando@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        1 year ago

        Yeah, using a pass phrase makes it much easier to remember on top of being more secure. But users should introduce at least a bit more complexity than that example (all lower case letters isn’t great). This1sComplexButMemorable! Is an easy example of how you can just make up a relevant sentence to what you’re using, include a range of character types for complexity and to meet requirements, and you’re good to go. Plus if you make it relevant to what you’re logging into, you’re less likely to be tempted to reuse the pass.

      • JohnEdwa@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        1 year ago

        OTOH passphrases are so rarely used that other than a handful of common examples that would already be in a word list such as CorrectHorseBatteryStaple, it would be rather unlikely for anyone to bother even trying unless they are specifically trying to crack a specific password.

        So maybe don’t use a plain four word english passphrase as the admin login, but if your facebook password is ZuckerbergSucksFlaccidCock, 'tis probably fine.

    • umbrella@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Handing the security of your accounts to… mobile carriers… always felt iffy to me.

  • Square Singer@feddit.de
    link
    fedilink
    English
    arrow-up
    38
    ·
    1 year ago

    They got this data from password leaks. Crappy sites that force you to create an unnecessary account for basic usage are arguebly more often part of password leaks.

    So it’s not a surprise that a huge amount of leaked accounts have passwords like 123456, because that’s exactly the right kind of password for a throwaway account that you’ll never need again. In the best case coupled to a trashmail email account.

  • Bernie Ecclestoned@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    26
    ·
    edit-2
    1 year ago

    Apparently, people creating new accounts seem to assume the word (password) in the box in light gray font is a suggestion rather than a label.

    lol

  • edgemaster72@lemmy.world
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    1 year ago

    No mention of descending numbers, looks like 654321 is still safe. Not that uh, I, would have any particular worry about that one, nope.

    eyes dart back and forth rapidly

    • nul@programming.dev
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Just waiting for the day when they start calling out those of us who make all our passwords easy to type with one hand.

      • taiyang@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Funny, I thought only I did that. Looks like a boss when you login to a system with just one hand and at lightning fast speeds.

  • Dem Bosain@midwest.social
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    Good old ]yèî̾ÌP®åÙyJàºséí³Òò&ÚÀxÁõÝÞ/ÍÔ9~B6Æ¿Üïd`ÛÝm®@. Nobody ever guesses that.

  • MeekerThanBeaker@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    I think most of these are for accounts where people don’t care if they are hacked or not.

    Regardless, this should not be on the individual. The issue is with the website that allows those types of passwords to begin with. There are sites that don’t allow special characters at all. Stupid.

    • JustAnotherRando@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      1 year ago

      The most infuriating thing is websites that actually limit secure passwords (e.g. “password must be between 6 and 12 characters”). Preventing longer passwords makes little sense if they’re salting and hashing; and if they’re storing the passwords in plain text (which is just about the only reason to limit the max length to anything less than what a person would reasonably remember), that’s even worse.

    • systemglitch@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Exactly, I’m not using a real password for a site I don’t care about where I have nothing to protect.

      I’m using something simple that I can type with one hand.

      Something important however? Good luck figuring that out.

    • r00ty@kbin.life
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Everyone knows the correct test credentials are test/test. Even then, that’s only if they don’t allow blank/no password.