NordPass has published their 2023 edition of the top 200 most common passwords and unsurprisingly very few of the entries are secure. The top 10 can all...
The worst passwords of 2023 are also the most common, “123456” comes in first::undefined
only one – “theworldinyourhand” – is virtually uncrackable. It is the number 173 most common password and would take centuries to guess using brute force.
Not anymore. That would get moved towards the top of the rainbow table now.
Pass phrases for the passwords you have to type by hand, automatically generated passwords for the things that can autofill from a password manager, MFA for everything that supports it.
Anything less or any password reuse is just asking for trouble.
Yeah, using a pass phrase makes it much easier to remember on top of being more secure. But users should introduce at least a bit more complexity than that example (all lower case letters isn’t great). This1sComplexButMemorable! Is an easy example of how you can just make up a relevant sentence to what you’re using, include a range of character types for complexity and to meet requirements, and you’re good to go. Plus if you make it relevant to what you’re logging into, you’re less likely to be tempted to reuse the pass.
Brute force also doesn’t necessarily mean brute forcing each character. If the password consists of relatively few dictionary words like this, it could be brute forced in a matter of minutes (depending on computation power, hash function used etc. of course).
OTOH passphrases are so rarely used that other than a handful of common examples that would already be in a word list such as CorrectHorseBatteryStaple, it would be rather unlikely for anyone to bother even trying unless they are specifically trying to crack a specific password.
So maybe don’t use a plain four word english passphrase as the admin login, but if your facebook password is ZuckerbergSucksFlaccidCock, 'tis probably fine.
Not anymore. That would get moved towards the top of the rainbow table now.
Pass phrases for the passwords you have to type by hand, automatically generated passwords for the things that can autofill from a password manager, MFA for everything that supports it.
Anything less or any password reuse is just asking for trouble.
Yeah, using a pass phrase makes it much easier to remember on top of being more secure. But users should introduce at least a bit more complexity than that example (all lower case letters isn’t great). This1sComplexButMemorable! Is an easy example of how you can just make up a relevant sentence to what you’re using, include a range of character types for complexity and to meet requirements, and you’re good to go. Plus if you make it relevant to what you’re logging into, you’re less likely to be tempted to reuse the pass.
ThisIsMyMotherfuckingHotmailPassword!
Is an incredibly secure password for Hotmail. And super memorable.
Brute force also doesn’t necessarily mean brute forcing each character. If the password consists of relatively few dictionary words like this, it could be brute forced in a matter of minutes (depending on computation power, hash function used etc. of course).
OTOH passphrases are so rarely used that other than a handful of common examples that would already be in a word list such as CorrectHorseBatteryStaple, it would be rather unlikely for anyone to bother even trying unless they are specifically trying to crack a specific password.
So maybe don’t use a plain four word english passphrase as the admin login, but if your facebook password is ZuckerbergSucksFlaccidCock, 'tis probably fine.
Is that better or worse than an erect one, from an insult point of view?
48736915208 No son, you’re not watching YouTube.
Handing the security of your accounts to… mobile carriers… always felt iffy to me.