timetrap

Almost Army Proof.




Passwords of the world unite!





While lurking on the Slashdot comment boards, I found a great password auditing scheme . . .

"This is always a fun game. I won't say what site it's for, but it is adult. This is the top 20 from 600,000 expired accounts. Checking the top 1000 common passwords, I don't see a single strong one. I know, it shouldn't, since I'm grouping by count. I suspect this list will apply almost everywhere in very similar ratios.

SELECT COUNT(pass) AS count, pass
FROM `users`
WHERE expired = 1
GROUP BY pass
ORDER BY count DESC

| count | PASSWORD |
| 1322 | password |
| 994 | 123456 |
| 824 | 12345 |
| 569 | harley |
| 536 | 696969 |
| 434 | mustang |
| 385 | qwerty |
| 355 | baseball |
| 307 | football |
| 305 | hunter |
| 305 | letmein |
| 296 | shadow |
| 294 | pussy |
| 279 | maggie |
| 276 | monkey |
| 265 | golfer |
| 260 | buster |
| 260 | 12345678 |
| 255 | bandit |
| 241 | nascar |

When a site password is compromised, the system automagically sets a strong password, and notifies the user. They get rather upset about that. I tell them, "You should have used a good password to start with." We will let them change it back to something else, but we won't let them use anything easy."
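To make the quoted audit something you can actually run, here is an added example (mine, not the Slashdot commenter's or this blog's) that executes the same GROUP BY query against a constructed in-memory SQLite table of made-up rows, derives a blocklist of the passwords that show up on more than one expired account, and rejects new passwords found on that list, which is the "we won't let them use anything easy" policy the comment describes. The table name, column names and sample rows are assumptions.

```python
import sqlite3

# Constructed sample rows, not real data: (pass, expired).
# Like the quoted query, this only works because the passwords sit in the
# table in the clear, which is itself a weakness of the audited system.
SAMPLE_USERS = [
    ("password", 1), ("password", 1), ("password", 1), ("password", 0),
    ("123456", 1), ("123456", 1),
    ("harley", 1),
    ("Tr0ub4dor&3", 1),
    ("correct horse battery staple", 0),
]


def load_db(rows):
    """Build an in-memory users table with the assumed schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (pass TEXT NOT NULL, expired INTEGER NOT NULL)")
    conn.executemany("INSERT INTO users (pass, expired) VALUES (?, ?)", rows)
    return conn


def password_frequency(conn):
    """Same grouping as the Slashdot query: (count, pass), most common first."""
    sql = """SELECT COUNT(pass) AS count, pass
             FROM users
             WHERE expired = 1
             GROUP BY pass
             ORDER BY count DESC"""
    return conn.execute(sql).fetchall()


def blocklist(freq, min_count=2, top_n=1000):
    """Passwords reused by at least min_count expired accounts, within the top_n."""
    return {p.lower() for c, p in freq[:top_n] if c >= min_count}


def is_acceptable(candidate, blocked):
    """Policy check for a new password: reject anything on the blocklist."""
    return candidate.lower() not in blocked


if __name__ == "__main__":
    conn = load_db(SAMPLE_USERS)
    freq = password_frequency(conn)
    for count, pw in freq:
        print(f"{count:5d}  {pw}")
    blocked = blocklist(freq)
    for pw in ("PASSWORD", "harley", "Tr0ub4dor&3"):
        print(pw, "->", "ok" if is_acceptable(pw, blocked) else "rejected")
```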



Also, if you check out cirt.net (specifically this page), you can find the default passwords for over 314 vendors . . . And here is a list of defaults for applications.

Done and done.

