You definitely don’t want to be using these
I am really surprised some common shit is not there, like hello, hello1234, abcd1234 (and other perms have numbers in front, etc)
The thumbnail shows “assword” so I’ll upvote.
Monkey 🐵
Hunter2 or gtfo
All I see is *********
All I’m seeing is asterisks
It censors your password in real time. Check it out: **********
Nice, that’s useful hunter2
So I guess p@s5w0RD123pA55wOrD would be super strong.
I just see *******************
Need your credit card number and the 3 digit number at the back of the card to see what I typed.
From my experience brute forcing passwords, no. It’s smart enough to try character substitutions and it annoys me so much that the FBI recommends this practice.
Wait it’s not? I remember some people in the industry recommend this sort of password albeit with variation of other random words as it’s pretty strong and would take a very long time to crack.
Indeed, just four impersonal words is a great password. Mix up the capitalization and it’s even better.
If it’s a bunch of words found in any dictionary then with or without character substitution it’ll be easy to crack.
It’s not. A dictionary has on the order of ≈100,000 (10^5) words in it. Picking five words entirely at random gives you 10^25 combinations, which is about the complexity of 14 alphanumeric characters. So pretty secure.
That’s true for a dictionary of 10^5 words. However the xkcd comic assumes a 2048 word dictionary, which only gives you 1.75 x 10^13 combinations. If your password is hashed with a weak algorithm, that can be cracked in minutes on a decent GPU. Luckily that can be fixed with just a few more words; 7 words gives you 1.5 x 10^23 combinations.
I don’t really like the xkcd comic because it says the user shouldn’t be worried about offline attacks on hashed passwords. Unless you have a unique password for every service (best practice, but too much for the average user) using a password that is weak to offline attacks puts your other accounts at risk if one service has their password hashes leaked. Which does happen, a lot.
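The arithmetic traded in the comments above (2048-word versus 100,000-word dictionaries, word counts, the alphanumeric equivalent), as an added example that is not part of the thread. The function names are hypothetical, the guess rate of 1e10 per second is an assumed figure for a fast unsalted hash, and the demo word list is a constructed stand-in.

```python
import math
import secrets

ALNUM = 62  # a-z, A-Z, 0-9


def passphrase_bits(dict_size, n_words):
    """Entropy in bits of n_words picked uniformly and independently."""
    return n_words * math.log2(dict_size)


def equivalent_alnum_length(bits):
    """Shortest random alphanumeric string with at least `bits` of entropy."""
    return math.ceil(bits / math.log2(ALNUM))


def words_needed(dict_size, target_bits):
    """Words required from a dictionary of dict_size to reach target_bits."""
    return math.ceil(target_bits / math.log2(dict_size))


def average_crack_seconds(bits, guesses_per_second):
    """Expected offline search time: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second


def generate_passphrase(wordlist, n_words):
    """Draw words with a CSPRNG; entropy counts unique words only."""
    words = sorted(set(wordlist))
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    phrase = " ".join(secrets.choice(words) for _ in range(n_words))
    return phrase, passphrase_bits(len(words), n_words)


if __name__ == "__main__":
    ASSUMED_RATE = 1e10  # assumed guesses/s against a fast unsalted hash
    for size, n in [(2048, 4), (2048, 7), (100_000, 5)]:
        bits = passphrase_bits(size, n)
        print(f"{n} words from {size}: {size ** n:.2e} combinations, "
              f"{bits:.1f} bits, ~{equivalent_alnum_length(bits)} alnum chars, "
              f"avg {average_crack_seconds(bits, ASSUMED_RATE):.3g} s to crack")
    # Constructed stand-in list; a real list should have thousands of words.
    demo = [f"word{i}" for i in range(2048)]
    print(generate_passphrase(demo, 5))
```

The entropy figure only holds when every word is drawn independently by the generator; a phrase a person picks from the same list has far less.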
That’s okay at best. Better if a passphrase, just random, impersonal words, something like this (~50 bits of entropy):
“virtual raging vineyard clad runner”
Best is a long, completely random string, stored in the password manager that you should be using anyways (~150 bits of entropy):
“hX0hZ1QTWtQo(h[Ta9jH]TmsVIhUTgSE”
I did use a password manager, but the issue is I still need a password for the password manager, so it can’t be random lol.
I just generated a 16 character random password and practiced typing it for a while; eventually it just becomes muscle memory.
Honestly use Bitwarden
Password now set to “Bitwarden”
Mine is “masterpassword”
A normie-ready solution, FOSS chads will self-host tho
Bitwarden is FOSS… and you can self host it easily with Vaultwarden.
Hackers (1995) taught me the four most commonly used passwords are “love”, “sex”, “secret”, and “god”.
“secret” is there. “iloveyou” has love in it.
I wonder how true that actually was in the 90s.
Before password composition rules, those were actually quite common, as well as passwords that were just the same as the username. Heck, it wasn’t until that long ago that router manufacturers used to ship with admin/admin as the default credentials.
Yeah, now in this enlightened future, they’ve ascended to admin/password. 😶
Honestly every networking company that couldn’t be bothered to ship with randomized creds physically embedded/etched somewhere on the device should’ve probably gone out of business. The cost has always been minimal and the increased security value has always been readily apparent.
Hack the planet.
At least it isn’t always Swordfish!
Operation suck his dick while he hacks the feds.
Such a great movie.
Mine is Secretsexgodoflove69!
according to data from the password security website called NordPass all of which would take a hacker less than a second to crack. Take a look at this quality design to learn about popular passwords that you definitely shouldn’t use such as 123456 which was used 3 million times, 123456789 which was used 1.6 million times, 12345678 which was used 885 thousand times, “password” which was used 692 thousand times and qwerty123 which was used 643 thousand times.
Is it normal for a password manager to be able to recognize which passwords are being used? Does this reflect badly on NordPass?
They didn’t pull this data from their own users, but rather from six public leaks.
1-2-3-4-5-6!? That’s the same code I use on my luggage!
I’m surrounded by assholes!
Pick password Unga. Monkey.
I see password and password1
Mfw I’m sittin’ safe all the way down here at password69 😎
1Frog_isDancingOnMyPizzaNow!
W3!rd_tOpPing
I laughed at my phone in public.
I’m a little surprised not to see “changeme” on this list.
The default ca cert store password in Java is “changeit”
What’s with dragon and monkey?
Because dragons are cool and monkeys are funny.
Can’t argue with that. 🤷🏻‍♂️
Really surprised my old one isn’t on there. Dontknow.