123456 password qwerty
by Volker Weber
Most common passwords list from 3 databases
Comments
Hah, I'm not that dumb - I always use ytrewq instead. Please don't tell!
"1 2 3 4 5? That's amazing! I've got the same combination on my luggage!"
;-)
Keyboard pattern based passwords FTW.
6y7u*I(O, for example. Has lower, upper, numbers and symbols. Easy to increment (just shift the pattern around on the keyboard). Patterns much easier to remember than actual characters.
Just be careful if you use a nonstandard/international/etc. keyboard.
I recommend my normal users to use a two-component password. For the first part they should select a fixed prefix like "aaa","123" or "qwe" and use it before every password. The second part should then actually be the word which they would normally use as a password. The first character of this word should be written in uppercase.
ex.
"qweMonday" --> "qweJennifer" --> "qweOxford"
"ggggMercedes" --> "ggggAudi" --> "ggggFerrari"
This creates easily remembered passwords which are still hard enough to crack.
I know a certain organization who had for years been using 123456 when creating new user IDs without any policy to force users to change their password.
They also used this for internet passwords in the Domino directory. When asked why they didn't change this or set the "more secure internet passwords" for Domino, they claimed that it was easier to troubleshoot and administer because the password hashes looked the same when it was the same password.
This changed only recently due to an unrelated security incident (miraculously).
Darn it. All of my passwords are in those lists.
Kidding, but the password that caused this incident really is.
I hope the people seriously recommending passwords that are based on keyboard patterns or, worse, prefix-word combinations, are not in charge of implementing any security policy.
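An added example, not part of the original post or of any comment above: a password-policy check that flags the two schemes discussed in this thread, keyboard-pattern passwords and a fixed prefix followed by a capitalized word. The US QWERTY layout, the sample wordlist and all function names are assumptions made for illustration.

```python
import re

# Assumption: US QWERTY layout; other layouts need their own rows and shift map.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
STAGGER = [0.0, 0.5, 0.75, 1.25]          # horizontal offset of each row
SHIFT = dict(zip("!@#$%^&*()", "1234567890"))
POS = {ch: (r, c + STAGGER[r]) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Constructed sample wordlist; a real check would load a dictionary or breach list.
WORDS = {"monday", "jennifer", "oxford", "mercedes", "audi", "ferrari"}


def base_key(ch):
    """Map a character to the physical key that produces it."""
    return SHIFT.get(ch, ch.lower())


def adjacent(a, b):
    """True if two keys are the same key or physical neighbours."""
    if a not in POS or b not in POS:
        return False
    (r1, x1), (r2, x2) = POS[a], POS[b]
    return abs(r1 - r2) <= 1 and abs(x1 - x2) <= 1


def longest_walk(password):
    """Length of the longest run of consecutive neighbouring keys."""
    keys = [base_key(ch) for ch in password]
    best = run = 1 if keys else 0
    for prev, cur in zip(keys, keys[1:]):
        run = run + 1 if adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def audit(password):
    """Return the policy findings for one candidate password."""
    findings = []
    # Whole password is a single walk across neighbouring keys.
    if len(password) >= 4 and longest_walk(password) == len(password):
        findings.append("keyboard-walk")
    # Short walk or repeated-key prefix plus a capitalized dictionary word:
    # once the prefix is known, only the word is secret.
    m = re.fullmatch(r"(.{3,4}?)([A-Z][a-z]+)", password)
    if m and longest_walk(m.group(1)) == len(m.group(1)) and m.group(2).lower() in WORDS:
        findings.append("prefix+dictionary-word:" + m.group(2))
    return findings
```

Mixing case, digits and symbols does not help a keyboard pattern here, because shifted characters are mapped back to the physical key before the walk is measured.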


