Most people are clueless as to how accounts are hacked and their passwords reflect that. If you find anything in common with the most common passwords below you have a weak password. This is to help people choose a strong password and possibly help site admins understand the risks.
Most Common Passwords
- 123456, 123, 123123, 01234, 2468, 987654, etc
- 123abc, abc123, 246abc
- First Name
- Favorite Band
- Favorite Song
- first letter of given name then surname
- qwerty, asdf, and other keyboard rolls
- Favorite cartoon or movie character
- Favorite sport, or sports star
- Country of origin
- City of origin
- All numbers
- Some word in the dictionary
- Combining 2 dictionary words
- any of the above spelled backwards
- aaa, eee, llll, 999999, and other repeat combinations
Common Extensions
Some sites force you to have passwords with both numbers and letters. For example bob's password is football, and the site asks him to add some numbers to it to make it valid. Here's what people usually add.
- Their year of birth / marriage / graduation (or expected grad) from HS or college
- 007
- 0 - 9
- 69
- 000, 111, 4444 or other long combinations
- 123456, 123, 123123, 01234 and other retarded combinations
Years are usually added in different ways: football85, football1985, football04 instead of football4. There's also the possibility of sub-connections like football_04 and football-84. Many sites require both numbers and letters so these are a more likely occurance since people tend to want to have the same pass for everything.
My opinion on an Ideal password
Mixed numbers and letters over 8 characters long. Memorize it once, use it forever.
How long it takes to hack a password
If they have hacked and downloaded the entire database it's 10000 times faster than if they send requests guessing your passwords on certain websites. Most decent comps can check easily thousands possibilities per second.
Words in the Dictionary
You'll get hacked fast, even if you use foreign words.
Numbers
If you have an all numbers password it's much faster to crack than if it were mixed. Instead of having a massive array of words in memory and selecting an index from it, or even worse reading from disk every few seconds in a buffer, having a number just requires the computer to do what computers do fastest, count. A decent computer can easily do any number under 10 million in a few minutes. Adding 0s to the front of the number can help, but not really. A second pass with any number of 0s can be done afterwards. Maybe if you made it your zipcode+your best friends number or something VERY long it would be strong enough.
All Random letters
Every possible combination of 3 letter words is only around 17000 while every possible 4 letter word combination is 456976. It grows exponentially every time you increase just one letter. Most sites recommend 8 characters or more for a strong password. Adding just 1 number to your password helps immensely.
How hackers usually obtain your password
Most malicious hackers just wait for security update news. Whenever some forum or cms software like drupal, vbulletin, phpbb or invision board releases a security update, they try and find what the discovered exploit was. They google search for forums that may have the affected system and use the exploit. Forums can give tons of emails / passwords.
The ones who are skilled enough and actively attempt to discover the exploits are more rare.
Even worse is when the skilled programmers make simple automated exploit programs for script kiddies to use without even understanding the code. This is where the majority of the attacks come from, losers that use programs made by hacker and call themselves hackers.
It's super rare that you would be targeted or your password has been hacked from large sites like google, hotmail or myspace. Most of the big sites have capchas and DDoS protection, which cripples speed, It's more likely they hacked some other site that you long forgot about and found more passwords in your email. Most people get hacked from phising attempts rather than real hackers. People also get trojans from opening email extensions and downloading pirate stuff off p2p without a decent antivirus. Hackers with skills enough to find open ports / exploit them and get shell access are much more rare than people claim.
How are passwords stored in a website
Most are stored as md5 hashes. If your password is stored without encryption you are screwed if they get screwed. It doesn't matter how long your password is. Sites like thepiratebay and stage6 have gotten their passwords stolen, don't think it can't happen to big sites. You can tell if a site encrypts your password by using their password recovery form. If it gives you your password your password is not encrypted. If it asks you to enter a new one or it generates a password for you, it has your password encrypted.
Dangers of md5
Sites like milw0rm and plain-text have millions, maybe billions of precomputed hash values in what are called rainbow tables. People can enter hashes in limited quantities to put on queue for cracking. md5 is a one-way hash, meaning it can't be decrypted. Instead, they try every possible combination in a limited range. You still should be ok if your pass is over 8 characters long. Some sites do double md5s or concatenate md5 encrypted passwords with an encrypted "salted" value, then encrypt the whole thing again. This prevents rainbow tables, but does not prevent brute force attacks.
What is hacking
Contrary to popular belief and the Hollywood culture, hackers are just people that can manipulate things on a bits and bytes level. They're excellent programmers and the majority do not engage in illegal activity. Making something do what it wasn't intended to is exploiting, not hacking.
Leave a Comment
adan at 12:43am on Nov. 16, 2009
4 days ago
http://www.nike-star-shoes.com nike star shoes
http://www.nike-star-shoes.com nike all star shoes
http://www.nike-star-shoes.com NBA star shoes
http://www.nike-star-shoes.com nike basketball shoes
http://www.nike-star-shoes.com/Michael_Jackson_Memorial.html Michael Jackson Memorial
http://www.nike-star-shoes.com/Air_Pippen_I.html Air Pippen I
http://www.nike-star-shoes.com/Barry_Sanders_Zoom_Turf.html Barry Sanders Zoom Turf
http://www.nike-star-shoes.com/Charles_Barkley.html Charles Barkley
http://www.nike-star-shoes.com/Dennis_Rodman.html Dennis Rodman
http://www.nike-star-shoes.com/Huarache_08_BBall.html Huarache 08 BBall
http://www.nike-star-shoes.com/Kevin_Garnett.html Kevin Garnett
http://www.nike-star-shoes.com/Kobe_Bryant.html Kobe Bryant
http://www.nike-star-shoes.com/LeBron_James.html LeBron James
http://www.nike-star-shoes.com/Max_Tempo_2_Duke_Blue_Devils.html Max Tempo 2 Duke Blue Devils
http://www.nike-star-shoes.com/Nike_Air_2_Strong.html Nike Air 2 Strong
http://www.nike-star-shoes.com/Nike_Air_Assault_High.html Nike Air Assault High
http://www.nike-star-shoes.com/Nike_Air_Bound.html Nike Air Bound
http://www.nike-star-shoes.com/Nike_Air_Darwin.html Nike Air Darwin
http://www.nike-star-shoes.com/Nike_Air_Foamposite.html Nike Air Foamposite
http://www.nike-star-shoes.com/Nike_Air_Force_180.html Nike Air Force 180
http://www.nike-star-shoes.com/Nike_Air_Force_25_Supreme.html Nike Air Force 25 Supreme
http://www.nike-star-shoes.com/Dream_Team.html Dream Team
http://www.nike-star-shoes.com/Kevin_Garnett6.html Kevin Garnett6
http://www.nike-star-shoes.com/William_Anthony_Parker3.html William Anthony Parker3
http://www.nike-star-shoes.com/Paul_Pierce.html Paul Pierce
http://www.nike-star-shoes.com/William_Anthony_Parker4.html William Anthony Parker4
http://www.nike-star-shoes.com/Steve_Nash.html Steve Nash
http://www.nike-star-shoes.com/Vince_Carter.html Vince Carter
http://www.nike-star-shoes.com/Tracy_McGrady.html Tracy McGrady
http://www.nike-star-shoes.com/Tracy_McGrady8.html Tracy McGrady8
http://www.nike-star-shoes.com/Kevin_Garnett.html Kobe Bryant shoes
http://www.nike-star-shoes.com/Kevin_Garnett.html Kobe shoes
http://www.nike-star-shoes.com/Kevin_Garnett.html Bryant shoes
http://www.nike-star-shoes.com/Charles_Barkley.html Charles Barkley shoes
http://www.nike-star-shoes.com/Charles_Barkley.html Barkley shoes
http://www.nike-star-shoes.com/LeBron_James.html LeBron James shoes
http://www.nike-star-shoes.com/LeBron_James.html LeBron shoes
http://www.nike-star-shoes.com/LeBron_James.html James shoes
http://www.nike-star-shoes.com/William_Anthony_Parker3.html Parker shoes
http://www.nike-star-shoes.com/Steve_Nash.html Steve Nash shoes
http://www.nike-star-shoes.com/Steve_Nash.html Nash shoes
http://www.nike-star-shoes.com/Vince_Carter.html Carter shoes Reply...
adan at 12:42am on Nov. 16, 2009
4 days ago
http://www.uggboots-home.net Ugg Boots
http://www.uggboots-home.net Ugg Shoes
http://www.uggboots-home.net Uggs
http://www.uggboots-home.net Ugg Sheepskin Boots
http://www.uggboots-home.net Ugg Australia Boots
http://www.uggboots-home.net/Ugg-Bailey-Button.html Bailey Button UGG Boots
http://www.uggboots-home.net/Ugg-Bailey-Button.html Ugg Bailey Button
http://www.uggboots-home.net/Cardy-Ugg-Boots.html Classic Cardy Ugg Boots
http://www.uggboots-home.net/Cardy-Ugg-Boots.html Cardy Ugg Boots
http://www.uggboots-home.net/Cardy-Ugg-Boots.html Ugg Classic Cardy
http://www.uggboots-home.net/Mini-Ugg-Boots.html Classic Mini Ugg Boots
http://www.uggboots-home.net/Mini-Ugg-Boots.html Mini Ugg Boots
http://www.uggboots-home.net/UGG-Classic-Short-Boots.html Classic Short Ugg Boots
http://www.uggboots-home.net/UGG-Classic-Short-Boots.html UGG Classic Short Boots
http://www.uggboots-home.net/Tall-Ugg-Boots.html Classic Tall Ugg Boots
http://www.uggboots-home.net/Tall-Ugg-Boots.html Tall Ugg Boots
http://www.uggboots-home.net/Kids-Ugg-Boots.html Infant Erin Ugg Boots
http://www.uggboots-home.net/Kids-Ugg-Boots.html Kids Ugg Boots
http://www.uggboots-home.net/Ugg-Nightfall.html Nightfall Ugg Boots
http://www.uggboots-home.net/Ugg-Nightfall.html Ugg Nightfall
http://www.uggboots-home.net/Ugg-Metallic-Boots.html Short Metallic Ugg Boots
http://www.uggboots-home.net/Ugg-Metallic-Boots.html Ugg Metallic Boots
http://www.uggboots-home.net/Sundance-II-Ugg-Boots.html Sundance II Ugg Boots
http://www.uggboots-home.net/Tall-Metallic-Ugg-Boots.html Tall Metallic Ugg Boots
http://www.uggboots-home.net/Amelie-Suede-Sandals-Uggs.html UGG Amelie Suede Sandals
http://www.uggboots-home.net/Amelie-Suede-Sandals-Uggs.html Amelie Suede Sandals Uggs
http://www.uggboots-home.net/UGG-Fluff-Flip-Flop.html UGG Fluff Flip Flop
http://www.uggboots-home.net/Tasmina-Braid-Sandals-Boots.html UGG Tasmina Braid Sandals
http://www.uggboots-home.net/Tasmina-Braid-Sandals-Boots.html Tasmina Braid Sandals Boots
http://www.uggboots-home.net/UGG-Tasmina-Sandals.html UGG Tasmina Sandals
http://www.uggboots-home.net/Ultra-Short-Ugg-Boots.html Ultra Short Ugg Boots
http://www.uggboots-home.net/Ultra-Uggs.html Ultra Tall Ugg Boots
http://www.uggboots-home.net/Ultra-Uggs.html Ultra Uggs Reply...
bluloo22 at 10:06am on Nov. 2, 2009
17 days ago
Crazy! I can't believe people would make their passwords so predictable. That's a good way to get your identity stolen. http://www.articleblast.com/Money_and_Finance/Credit/Protecting_My_Credit_Health_from_Fraud/ Reply...
femmewagner at 10:16pm on Oct. 26, 2009
24 days ago
i know that all passwords are related to their birth dates Reply...
uggs at 9:01am on Oct. 22, 2009
29 days ago
http://www.uggbootspace.com
http://www.uggbootspace.com/Bailey-Button-Uggs.html
http://www.uggbootspace.com/Classic-Cardy-Uggs.html
http://www.uggbootspace.com/Classic-Mini-Uggs.html
http://www.uggbootspace.com/Classic-Short-Uggs.html
http://www.uggbootspace.com/Classic-Tall-Uggs.html
http://www.uggbootspace.com/Infant-Erin-Uggs.html
http://www.uggbootspace.com/Nightfall-Uggs.html
http://www.uggbootspace.com/Short-Metallic-Uggs.html
http://www.uggbootspace.com/Sundance-II-Uggs.html
http://www.uggbootspace.com/Tall-Metallic-Uggs.html
http://www.uggbootspace.com/Amelie-Suede-Sandals-Uggs.html
http://www.uggbootspace.com/Fluff-Flip-Flop-Uggs.html
http://www.uggbootspace.com/Tasmina-Braid-Sandals-Uggs.html
http://www.uggbootspace.com/Tasmina-Sandals-Uggs.html
http://www.uggbootspace.com/Ultra-Short-Uggs.html
http://www.uggbootspace.com/Ultra-Tall-Uggs.html Reply...
genemacy at 7:42pm on Aug. 18, 2009
3 months ago
The hands down best source for security news and password help:
https://www.grc.com/passwords.htm Reply...
wyl2010 at 1:35am on Apr. 12, 2009
7 months ago
some website:
http://add.yosgold.com
http://height.yosgold.com
http://ibbs.yosgold.com
http://name.yosgold.com
http://nasd.yosgold.com
http://nyse.yosgold.com
http://sgear.yosgold.com
http://telnum.yosgold.com
http://website.yosgold.com
http://weight.yosgold.com
http://wikipedia.yosgold.com
http://zodiac.yosgold.com Reply...
fluffysamantha at 9:10am on Apr. 17, 2008
about 1 year ago
I tried combinations of characters..like letters, and numbers Reply...
Malcolm at 12:35pm on Apr. 4, 2008
about 1 year ago
I have been thinking for a while now, like you said, that I should make up a secure password and remember it forever. My password is not as secure as it should be as I now so plainly see from your input here. Thanks Jimmy! Reply...
bacitracin at 2:20pm on Mar. 25, 2008
about 1 year ago
This reminds me, I should update my passwords soon. Reply...