Revelation
Topic Author
Posts: 22660
Joined: Wed Feb 09, 2005 9:37 pm

Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 3:23 am

Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
Cadet985
Posts: 2188
Joined: Sat Mar 02, 2002 6:45 am

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 3:32 am

Nope. I use a few specific passwords, and on sites where more security is needed, I let Siri randomly generate a password.

Marc
 
fr8mech
Posts: 7883
Joined: Mon Sep 26, 2005 9:00 am

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 3:33 am

Not mine. It does boggle the mind though, doesn't it? People actually use some of those passwords.

For what it's worth; I've picked a phrase that is fairly easy to remember and take the first letter of each word and that's my password. It helps that my phrase has letters, numbers and a special character. I threw in a couple of Caps for good measure. It works out to a 13 character password.
When seconds count...the police are minutes away.
Unless it's expressly prohibited, it's allowed.
You are not entitled to a public safe space.
Ego Bibere Capulus, Ut Aliis Sit Vivere
 
Revelation
Topic Author
Posts: 22660
Joined: Wed Feb 09, 2005 9:37 pm

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 3:50 am

Quoting cadet985 (Reply 1):
I use a few specific passwords, and on sites where more security is needed, I let Siri randomly generate a password.

Much better than the listed ones, but you are putting a lot of faith into Siri, which may or may not be justified. Apple is pretty good, but when push comes to shove they still are subject to all kinds of (known and unknown) US government influences.

Quoting fr8mech (Reply 2):
For what it's worth; I've picked a phrase that is fairly easy to remember and take the first letter of each word and that's my password. It helps that my phrase has letters, numbers and a special character. I threw in a couple of Caps for good measure. It works out to a 13 character password.

Sounds good, as long as you don't reuse the phrase across web sites, because once one is hacked the rest are vulnerable.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
ElanusNotatus
Posts: 720
Joined: Thu Aug 14, 2014 2:48 am

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 4:35 am

Which reminds me of the scene in Umberto Eco's work "Foucault's Pendulum."

On loading the computer, our protagonist is asked, "Do you have the password?" He then spends hours, weeks even, trying to figure out what the password is. Finally, in desperation he keys in the word "No." He is granted access.

=====================================

Of course it isn't just that people use easy to break passwords but that they will often leave devices set to their default password, which might be something as simple as 0000. Any would be hacker will know the default password for a range of devices.

Others will run devices like smartphones and tablets without any password at all because they don't want to key in a four digit PIN or other code. Amazing when you consider that they use those devices for all sorts of transactions.
Crawl, walk, fly into the future
 
fr8mech
Posts: 7883
Joined: Mon Sep 26, 2005 9:00 am

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 5:11 am

Quoting Revelation (Reply 3):
Sounds good, as long as you don't reuse the phrase across web sites, because once one is hacked the rest are vulnerable.

That particular password is ONLY used on financial websites...so, in my case 3. I use a different phrase for email. A different one for Social media and a throw away.
When seconds count...the police are minutes away.
Unless it's expressly prohibited, it's allowed.
You are not entitled to a public safe space.
Ego Bibere Capulus, Ut Aliis Sit Vivere
 
nws2002
Posts: 880
Joined: Wed Feb 13, 2008 11:04 pm

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 5:17 am

Quoting Revelation (Reply 3):
Sounds good, as long as you don't reuse the phrase across web sites, because once one is hacked the rest are vulnerable.

I have five base passwords along with some variations in capitalization, numbers, and special characters. I cannot imagine trying to keep up with a different password for every single login I have. I do make use of two factor authentication when it's available; Gmail is probably the best example there. I tried LastPass and while it worked well in a browser, it was a pain for mobile access to banking sites and apps.
 
seb146
Posts: 21453
Joined: Wed Dec 01, 1999 7:19 am

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 5:34 am

I thought everyone's password was *******

Quoting nws2002 (Reply 6):
I have five base passwords along with some variations in capitalization, numbers, and special characters.

I do that too. I use word and letter combinations and change them for different sites.
You bet I'm pumped!!! I just had a green tea!!!
 
jetblueguy22
Posts: 3309
Joined: Thu Nov 29, 2007 12:26 am

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 6:03 am

I'm surprised websites don't have a block for passwords that simple. I know at work if we try to do 123456 or password it kicks it back immediately. I have different passwords for a variety of things. For secure stuff they all have their own unique password. For stuff where security isn't an issue (aka social media) I just have one password. I try to use a security token whenever it is offered.
Pat
Look at sweatpants guy. This is a 90 million dollar aircraft, not a Tallahassee strip club
 
Aesma
Posts: 12273
Joined: Sat Nov 14, 2009 6:14 am

RE: Most Popular Passwords: 'Password' And '123456'

Wed Jan 21, 2015 7:02 am

I use 123456 for things where the password isn't really needed for protection, but you can't go without. For example a program I can only launch from my work computer (which has a proper password), when it's connected to my work network.
New Technology is the name we give to stuff that doesn't work yet. Douglas Adams
 
ACDC8
Posts: 7826
Joined: Thu Mar 10, 2005 6:56 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 4:28 am




filler filler filler
A Grumpy German Is A Sauerkraut
 
Cadet985
Posts: 2188
Joined: Sat Mar 02, 2002 6:45 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 4:35 am

Quoting Revelation (Reply 3):
Much better than the listed ones, but you are putting a lot of faith into Siri, which may or may not be justified. Apple is pretty good, but when push comes to shove they still are subject to all kinds of (known and unknown) US government influences.

As I'm in a government volunteer organization, I have a security clearance as part of my membership. I can safely say I have nothing to hide.

Quoting jetblueguy22 (Reply 8):

I'm surprised websites don't have a block for passwords that simple. I know at work if we try to do 123456 or password it kicks it back immediately.

On Civil Air Patrol's member website, when you do a password, there's a checklist next to the typing field. Unless you meet all the requirements, it's a pain. In college, it was worse. To access parts of the internal network, your password had to be changed every 90 days, and you could never repeat a previously used password. We hated it. It was a small school that the vast majority of people have never heard of, yet to set passwords on everything EXCEPT e-mail, you'd think it was the Pentagon in terms of security.

Marc
 
ElanusNotatus
Posts: 720
Joined: Thu Aug 14, 2014 2:48 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 5:18 am

Quoting cadet985 (Reply 11):

As I'm in a government volunteer organization, I have a security clearance as part of my membership. I can safely say I have nothing to hide.

Ah, but do they know that?

People like John le Carré made a fortune selling books, the basic premise of which was "who could you really trust?" In his plots the biggest risk came not from the NKVD or KGB but from people within the British intelligence services. Of course that was fiction but there were plenty of real life examples.

Besides, if you truly believe that you have nothing to hide, why have passwords in the first place?
Crawl, walk, fly into the future
 
Tugger
Posts: 9695
Joined: Tue Apr 18, 2006 8:38 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 6:37 am

I am not surprised. It all depends on what the password is protecting, and I suspect a lot of passwords don't protect much, aren't protecting something important to the person, or they aren't used very often, so they aren't very good on purpose (rather they are easy to remember or figure out).

I have a certain "common" password that I use for sites I really don't care if they were hacked (it wouldn't cause any real harm to me and doesn't have any significant information on me). I could visit a site years from now and remember the password. Then I have the ones with a "standard base with added variation" similar to what others have mentioned. And then I have the ones I really care about, that access very important things and they have unique passwords with all the stronger elements modern passwords need. I only have five of those that I use regularly.

And then there are a bunch that I just don't care about at all and yes they have passwords like 123456 (like work voicemail).

How many people here find they have to keep resetting/requesting a new password for certain sites that require strong passwords? I have a couple of those, sites I only access once or twice a year and I just can never remember those damn things. Oh well.

Tugg
I don’t know that I am unafraid to be myself, but it is hard to be somebody else. - W. Shatner
Productivity isn’t about getting more things done, rather it’s about getting the right things done, while doing less. - M. Oshin
 
ElanusNotatus
Posts: 720
Joined: Thu Aug 14, 2014 2:48 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 6:54 am

Quoting Tugger (Reply 13):
I just can never remember those damn things.

That reminds me of when I used to work for a government department. The policy was that users have strong passwords, the passwords be changed every 60 days, inputting the wrong password three times would result in the user being locked out and only an administrator could unlock the account.

The whole system might have worked very well were it not for the number of monitors that I saw with the password written on a post-it note and stuck on the monitor.
Crawl, walk, fly into the future
 
photopilot
Posts: 3101
Joined: Mon Jul 15, 2002 11:16 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 10:55 am

Where I work I have about 8 different passwords for various areas of our network. Pain in the butt for sure. So I use one base password with various easy second words attached, along with caps and special characters. Our network has an exception table and any attempt to use one of those words as your passwords generates a refusal. I got so frustrated one day I typed a vulgar expression in a foreign language and surprise, it accepted it. So that's now my base password. 
 
moo
Posts: 4898
Joined: Sun May 13, 2007 2:27 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 11:23 am

Quoting jetblueguy22 (Reply 8):
I'm surprised websites don't have a block for passwords that simple. I know at work if we try to do 123456 or password it kicks it back immediately.

There are a few schools of thought about this atm - the first one is "if you are logging into something where you can only access your own details and nothing else, the password strength is up to you. Set a weak one if you like, just don't complain when someone breaks it."

The second one is "if you are logging into something where you have access to other people's details, the service should set the password complexity requirements."

The third one is "if there is any liability at all on part of the service in case of malicious access, no matter how that access was gained, the service should set the password complexity requirements."

At all points the service should do several things:

1. Limit the number of log in attempts in any one period of time - stops brute force attacks.

2. Use a proper seeded one way hashing routine to store the password.

3. Never store a password unencrypted.

4. Never, ever email a password - even if it's temporary.
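
The first three points in the list above, together with the simple-password block mentioned in Reply 8, sketched in Python as an added example (not code from the thread or from any site discussed). The blocklist contents, the lockout numbers, the PBKDF2 iteration count and the `AccountStore` name are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample blocklist; a real deployment would load a far larger list.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "0000"}

MAX_FAILURES = 3       # assumed policy: failures tolerated per window
WINDOW_SECONDS = 300   # assumed policy: length of the window


class AccountStore:
    """In-memory credential store: blocklist, salted one-way hash, attempt limit."""

    def __init__(self, iterations=600_000, clock=time.monotonic):
        self._iterations = iterations
        self._clock = clock
        self._records = {}    # username -> (salt, derived key); never the password
        self._failures = {}   # username -> timestamps of recent failed logins

    def _derive(self, password, salt):
        # Salted, one-way and deliberately slow: PBKDF2-HMAC-SHA256.
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self._iterations
        )

    def register(self, username, password):
        """Store a new credential; refuse passwords on the blocklist."""
        if password.lower() in COMMON_PASSWORDS:
            return False
        salt = secrets.token_bytes(16)  # fresh random salt per account
        self._records[username] = (salt, self._derive(password, salt))
        return True

    def _recent_failures(self, username):
        # Keep only failures that are still inside the window.
        cutoff = self._clock() - WINDOW_SECONDS
        recent = [t for t in self._failures.get(username, []) if t > cutoff]
        if recent:
            self._failures[username] = recent
        else:
            self._failures.pop(username, None)
        return recent

    def login(self, username, password):
        """Return 'ok', 'denied' or 'throttled'."""
        # Check the limit first, so a throttled account costs no hashing work
        # and gives a guesser no answer at all.
        if len(self._recent_failures(username)) >= MAX_FAILURES:
            return "throttled"
        record = self._records.get(username)
        if record is None:
            # Do the same work for unknown users so timing does not reveal them.
            self._derive(password, b"\x00" * 16)
            ok = False
        else:
            salt, expected = record
            ok = hmac.compare_digest(self._derive(password, salt), expected)
        if ok:
            self._failures.pop(username, None)
            return "ok"
        self._failures.setdefault(username, []).append(self._clock())
        return "denied"
```

Because only the salt and the derived key are kept, a reset flow built on this store has no password it could email in the first place.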
 
Revelation
Topic Author
Posts: 22660
Joined: Wed Feb 09, 2005 9:37 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 12:36 pm

Quoting cadet985 (Reply 11):
On Civil Air Patrol's member website, when you do a password, there's a checklist next to the typing field. Unless you meet all the requirements, it's a pain. In college, it was worse. To access parts of the internal network, your password had to be changed every 90 days, and you could never repeat a previously used password. We hated it. It was a small school that the vast majority of people have never heard of, yet to set passwords on everything EXCEPT e-mail, you'd think it was the Pentagon in terms of security.

And interestingly enough, such requirements actually reduce the search space of a brute force attack, so work against good security.

The current thinking is that passwords should become like "somereallylongphrasewithrandomthoughtsinit" because a long password provides more entropy compared to some complicated rules to get more entropy into a short password, and typically are easier to remember. However change is an issue. The whole user community has gotten used to short but convoluted passwords.

The fact that so many systems force you to have short passwords is purely historical, going back to the days where RAM and disk space were so expensive.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
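
The search-space claim in the post above, counted exactly in Python as an added example (not part of the original post). It assumes a rule of "at least one lowercase, uppercase, digit and symbol" over the 94 printable ASCII characters, and models the long phrase as words drawn at random from a 7776-word list; both are assumptions, and a phrase a person makes up is less random than that.

```python
import math
from itertools import combinations

# Printable ASCII without the space character: 94 symbols in four classes.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}
ALPHABET = sum(CLASS_SIZES.values())


def unrestricted(length):
    """Number of passwords of this length when any character is allowed anywhere."""
    return ALPHABET ** length


def with_all_classes_required(length):
    """Number of passwords of this length that contain every class at least once.

    Inclusion-exclusion: start from all strings, subtract those missing one
    class, add back those missing two, and so on.
    """
    sizes = list(CLASS_SIZES.values())
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (ALPHABET - sum(missing)) ** length
    return count


def random_word_passphrase(words, wordlist_size=7776):
    """Search space of a phrase built from independently chosen random words."""
    return wordlist_size ** words


def bits(space):
    """Size of a search space expressed in bits."""
    return math.log2(space)


def compare(length=8, words=5):
    """Summarise the three policies for one password length and phrase size."""
    free = unrestricted(length)
    ruled = with_all_classes_required(length)
    return {
        "unrestricted_bits": bits(free),
        "rule_compliant_bits": bits(ruled),
        "fraction_surviving_rules": ruled / free,
        "passphrase_bits": bits(random_word_passphrase(words)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.2f}")
```

For eight characters, fewer than half of all candidate strings satisfy the rule, so a guesser who knows the policy can skip the rest, while five random words already exceed the unrestricted eight-character space.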
 
flyingturtle
Posts: 5740
Joined: Mon Oct 31, 2011 1:39 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 12:51 pm

There's a good XKCD cartoon:

http://www.explainxkcd.com/wiki/index.php/1286:_Encryptic

Storing passwords encrypted can be a very bad idea (as explained there). If storing a password in a text file, you may encrypt it. You may wipe that unencrypted file so as to leave no traces.

But when opening the text file, your text editor probably will create a temporary file which isn't securely deleted afterwards.

To store passwords really, really securely, I'd buy a cheap computer that never gets internet access, which has an encrypted hard drive, and only serves to store passwords that I enter manually.

And then, there's still the possibility of keyloggers and whatnot. It's a tragedy that we, still in the 2010s, have phones produced that store all words ever entered, so when the password reads WhenPolarFurnaceSleptFurry and you enter "when", it immediately suggests WhenPolarFurnaceSleptFurry.

At the 31C3 in Hamburg, one IT security guy said that 120 years ago, steam locomotives and steam vessels exploded all the time, killing countless people. But in 1910, thanks to engineering, steam machines became safe.

Nearly all people have worked with computers since the 1990s, but we still haven't engineered failsafe computers that never, never, never reveal sensitive information.


David
Reading accident reports is what calms me down
 
moo
Posts: 4898
Joined: Sun May 13, 2007 2:27 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 1:03 pm

Quoting flyingturtle (Reply 18):
Nearly all people have worked with computers since the 1990s, but we still haven't engineered failsafe computers that never, never, never reveal sensitive information.

Social problems are always much more difficult than engineering problems.

And sensitive data storage is a social problem, because society decides what is sensitive and what isn't, otherwise there is no clear delineation between the two - there's nothing inherent to the data that a computer can check to determine if it's sensitive or not, it has to be told, and it's that stage which is failing atm.
 
einsteinboricua
Posts: 7842
Joined: Thu Apr 15, 2010 4:11 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 1:30 pm

I have three basic passwords and the one I use will depend on how frequently I visit the site and how much protection I want.

If it's one of those "Register here for X" and I know I won't use it, I'll use the most basic one. If it's a site I usually visit but don't have any sensitive stuff (like credit cards) I use the second one. The third one is the hardest one to crack because it involves numbers, letters, and symbols. Variations of the latter two are also registered in some sites.

With so many sites, it's impossible to keep track of countless passwords, so I figured these three will do.
"You haven't seen a tree until you've seen its shadow from the sky."
 
Revelation
Topic Author
Posts: 22660
Joined: Wed Feb 09, 2005 9:37 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 4:49 pm

Quoting flyingturtle (Reply 18):
At the 31C3 in Hamburg, one IT security guy said that 120 years ago, steam locomotives and steam vessels exploded all the time, killing countless people. But in 1910, thanks to engineering, steam machines became safe.

Nearly all people have worked with computers since the 1990s, but we still haven't engineered failsafe computers that never, never, never reveal sensitive information.

I suppose, but the complexity of a steam engine and the complexity of a computer are two different things. A computer with 4GB of RAM is in essence a state machine with 4 giga times two to the eight states, and it can change states billions of times per second.

It's a beast that's hard to tame!

Time is showing we're not all that far up the curve.

It's not all just about cost, either.

There are ways to write software that is provably correct.

The problem is there aren't enough humans to write software in that style, and probably never will be.

Thus we accept the tradeoffs of imperfect software running on imperfect hardware written by imperfect human beings according to imperfect specifications.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
casinterest
Posts: 9944
Joined: Sat Feb 12, 2005 5:30 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 5:08 pm

I like to use passwords based on phrases from movies or books with some oddball characters thrown in for critical apps.


Such as MG#ifos^D4V3!2oo1



For websites or other sites, I usually cycle generic passwords that I can remember.
Where ever you go, there you are.
 
moo
Posts: 4898
Joined: Sun May 13, 2007 2:27 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 6:14 pm

Quoting Revelation (Reply 21):
There are ways to write software that is provably correct.

The problem is there aren't enough humans to write software in that style, and probably never will be

It's not difficult to write code that won't crash, ever. But you can't afford it. No one can.

Even NASA doesn't take that approach on Mars rovers, they have off the shelf systems which have had problems in the past, and have needed patching while on Mars.

If we were to demand uncrashable code all the time, it's the same as an uncrashable aircraft - can be done, but a home PC would set you back more than a billion quid. Programmers would have to go back to the days of punch card programming, where it was weeks between you writing the code and it getting to the top of the queue to be run - and 5 minutes later being plopped back into your lap with a syntax error...
 
tommy1808
Posts: 11844
Joined: Thu Nov 21, 2013 3:24 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 6:27 pm

Quoting moo (Reply 23):
It's not difficult to write code that won't crash, ever. But you can't afford it. No one can.

I think the SINA One Way Gateway is provably secure.

Best regards
Thomas
This Singature is a safe space......
 
Revelation
Topic Author
Posts: 22660
Joined: Wed Feb 09, 2005 9:37 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 6:28 pm

Quoting moo (Reply 23):
If we were to demand uncrashable code all the time, it's the same as an uncrashable aircraft - can be done, but a home PC would set you back more than a billion quid. Programmers would have to go back to the days of punch card programming, where it was weeks between you writing the code and it getting to the top of the queue to be run - and 5 minutes later being plopped back into your lap with a syntax error...

I'm not quite getting the connection to having to use punch cards to implement a provably correct system.

As mentioned it's been done before for various avionics systems (one example I know of is the Space Shuttle's main computer back in the 70s), but it is extremely expensive.

Most of the expense comes from coming up with an absolutely clear understanding of what you are trying to do and what you will do when you encounter problems. Once you have that degree of understanding there are several practical (if not tremendously productive) ways to get a computer to do what you want it to do (again, this has been done in the real world already several times). The issue is that gaining such an exact understanding of what you want to do is tremendously costly.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
moo
Posts: 4898
Joined: Sun May 13, 2007 2:27 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 7:39 pm

Quoting Revelation (Reply 25):
I'm not quite getting the connection to having to use punch cards to implement a provably correct system

The point was that when faced with a 2 week wait just to find out you had a bug in your code, you checked, double checked and even "ran" the code step by step to ensure it worked. Entire telephone exchanges were written this way.

But you can't write a modern system like that, it's way way too complex. Add to that the fact that every modern CPU has microcode updates available and you have the makings of a house of cards.

Quoting tommy1808 (Reply 24):
I think the SINA One Way Gateway is provably secure

Nope, because the hardware platform it's on hasn't been proven secure - and it's useless without the proxies, and no BSD system (the OS the proxies run on) has been proven secure, so...

There's a difference between "proven secure" and "no known vulnerabilities" - no modern system can be proven secure simply due to the complexity involved.

Quoting Revelation (Reply 25):
As mentioned it's been done before for various avionics systems (one example I know of is the Space Shuttle's main computer back in the 70s), but it is extremely expensive

Nope. The Shuttle's main computer was a cluster of five units, with four taking votes on the correct course of action, and one backup in case one of the four stepped out the acceptable parameters. The system has also glitched on missions before, albeit very rarely. Avionics FBW systems are based on similar setups, but that's not the solution we are talking about here (as clustering is already widely used in corporations for fail over and resilience).
 
57AZ
Posts: 2371
Joined: Tue Nov 02, 2004 2:55 pm

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 7:50 pm

None of my passwords made that list. Mine are all specific to me and appear to others to be random letters and numbers.
"When a man runs on railroads over half of his lifetime he is fit for nothing else-and at times he don't know that."
 
UltimateDelta
Posts: 2228
Joined: Sat Sep 29, 2007 7:56 am

RE: Most Popular Passwords: 'Password' And '123456'

Thu Jan 22, 2015 8:00 pm

Probably for the best, none of mine were on the list...I do pretty much the same stuff people have described here already. I think this Dilbert cartoon nails the situation, however:
http://dilbert.com/strip/2011-04-28
Midwest Airlines- 1984-2010
