The worst passwords of 2023 are also the most common, “123456” comes in first::undefined

  • brygphilomena@lemmy.world
    link
    fedilink
    English
    arrow-up
    87
    ·
    1 year ago

    only one – “theworldinyourhand” – is virtually uncrackable. It is the number 173 most common password and would take centuries to guess using brute force.

    Not anymore. That would get moved towards the top of the rainbow table now.

    • Toribor@corndog.social
      link
      fedilink
      English
      arrow-up
      30
      ·
      1 year ago

      Pass phrases for the passwords you have to type by hand, automatically generated passwords for the things that can autofill from a password manager, MFA for everything that supports it.

      Anything less or any password reuse is just asking for trouble.

      • JustAnotherRando@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        1 year ago

        Yeah, using a pass phrase makes it much easier to remember on top of being more secure. But users should introduce at least a bit more complexity than that example (all lower case letters isn’t great). This1sComplexButMemorable! Is an easy example of how you can just make up a relevant sentence to what you’re using, include a range of character types for complexity and to meet requirements, and you’re good to go. Plus if you make it relevant to what you’re logging into, you’re less likely to be tempted to reuse the pass.

    • lol@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      1
      ·
      1 year ago

      Brute force also doesn’t necessarily mean brute forcing each character. If the password consists of relatively few dictionary words like this, it could be brute forced in a matter of minutes (depending on computation power, hash function used etc. of course).

      • JohnEdwa@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        1 year ago

        OTOH passphrases are so rarely used that other than a handful of common examples that would already be in a word list such as CorrectHorseBatteryStaple, it would be rather unlikely for anyone to bother even trying unless they are specifically trying to crack a specific password.

        So maybe don’t use a plain four word english passphrase as the admin login, but if your facebook password is ZuckerbergSucksFlaccidCock, 'tis probably fine.

    • umbrella@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Handing the security of your accounts to… mobile carriers… always felt iffy to me.