Worst passwords




The movie ‘Hackers’ lied to me.

Secret, Sex, and God aren’t on there much less the top three.


“That’s the stupidest combination I’ve ever heard of in my life! That’s the kinda thing an idiot would have on his luggage!”


did you notice that chelsea passed secret in popularity?


I use one of the top 20 as a ‘password core’, but I don’t use it in English and I put #'s and symbols around it. Weird that that particular word is so popular.


Passwords can say a lot about a person so I always made it a point to never choose a password that I would be embarrassed by in the event I ever needed to share it with someone. I no longer have that concern now that I use a password manager which generates them for me.


Some bored psychologists (there seem to be a lot lately judging by the “studies” I’m always reading about) should do a study of people who chose “fuckme” as opposed to “fuckyou”.


Note to self: change luggage combination.


The list is probably somewhat biassed. One source of passwords is from reversing publicly available lists of password hashes – but only weak passwords can be obtained in this way, and so weak passwords will be over-represented in the total corpus of known passwords. While a great many people do use “password” as their password, it’s probably not actually as high as 4.7%.
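
The sampling bias described in the comment above, as an added example that is not part of the original thread: accounts are stored as unsalted SHA-1 hashes and only passwords present in a small wordlist are recovered, so the recovered corpus over-represents weak passwords. The account counts, passwords and wordlist are all constructed for illustration.

```python
import hashlib

def sha1_hex(password):
    """Unsalted SHA-1, standing in for the leaked hash lists discussed above."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def build_accounts():
    """Constructed population of 100 accounts (not real data)."""
    accounts = ["password"] * 30 + ["123456"] * 20 + ["chelsea"] * 10
    # 40 users with long, unique passwords that appear in no wordlist.
    accounts += [f"Zq7!{i:02d}-vK3#mT9x" for i in range(40)]
    return accounts

def recover(hashes, wordlist):
    """Return the plaintext for every hash whose password is in the wordlist."""
    lookup = {sha1_hex(word): word for word in wordlist}
    return [lookup[h] for h in hashes if h in lookup]

def share(passwords, target):
    """Fraction of the given passwords equal to target."""
    return passwords.count(target) / len(passwords)

ACCOUNTS = build_accounts()
LEAKED_HASHES = [sha1_hex(p) for p in ACCOUNTS]
WORDLIST = ["password", "123456", "chelsea", "secret"]  # constructed wordlist
RECOVERED = recover(LEAKED_HASHES, WORDLIST)

if __name__ == "__main__":
    print(f"accounts in leak:             {len(ACCOUNTS)}")
    print(f"passwords recovered:          {len(RECOVERED)}")
    print(f"true share of 'password':     {share(ACCOUNTS, 'password'):.0%}")
    print(f"observed share of 'password': {share(RECOVERED, 'password'):.0%}")
```

The 40 strong passwords never enter the recovered corpus, so the share of "password" rises from 30% of all accounts to 50% of the recovered passwords.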



We read articles on how to create long, random passwords - reminding us not to write them down, nor repeat them. With people having lots and lots and lots of passwords, I wonder if they really believe creators of password technology understand humans.


But “swordfish” didn’t even make the top 10,000!
Kids these days.


All password discussions (in my head) begin and end with CORRECTBATTERYHORSESTAPLE.


Hey yeah, that’s great. Also, your cable bill is late and those emails from your father-in-law…yikes!


Absolutely. Also, Chelsea, Jennifer, Hunter and Michael all really need to rethink their computer security policy.


my passwords are generated thusly

cat /dev/urandom | head -n 100 | openssl sha1 | tail -c 41



what constitutes a ‘weak’ password these days is pretty high: Unless you’re allowing Unicode passwords, anything less than about 14 characters is crackable remarkably quickly. Graphics cards, not just for making pretty pictures any more!

Also, that unsalted hashes seem to be the exception not the rule, isn’t helping the situation much.

When all is said and done, the only reasonable solution is never re-use passwords ever.


Many (not all) of my passwords come from a specific generating sequence that lets me recover the old ones if I forget to change something. In recent years I started applying additional transformations to further mask what the base sequence is.


Well, not so good now that you’ve pasted it there for everyone to see, eh?


I respectfully averted my eyes to avoid seeing that password.