It is a hacker’s dream. Even in the face of repeated warnings to protect online accounts, a new study reveals that “admin” is the most commonly used password in the UK.
The second most popular, “123456”, is also unlikely to keep hackers at bay.
It’s not just a problem here – Australians, Americans and Germans also use “admin” more than any other password when accessing websites, apps and logging in to their computers. Around the world, “123456” emerges as the most popular.
I only came for the list of most popular passwords. I am disappointed.
Picked up a keyboard at the thrift with a pink sticky note on the bottom:
user:adminpass:passwordYes, someone had to write that down.
I’m their defense sometimes you have to be reminded that something that terrible was used
Luckily for me my password is ******
Edit: weird lemmy automatically replaced my password with ‘*’
Huh, let me try: hunter2
It really works! I only see ******* !
Classic
Got 'em!
The second most popular, “123456”, is also unlikely to keep hackers at bay.
That’s what I use on my luggage
You should enable MFA on your luggage
You know you say that more than likely in jest…
But that’s honestly not a terrible idea.
No, it is a terrible idea. The lock is not the weak point on the luggage, it’s the zipper.
Overall I think the weakest part of luggage is its unusually high liklihood of attack by state adversaries. :p
That’s very true! That zipper makes a great case for hard luggage that clamps closed.
Pelican I think makes really good luggage but with pelican comes the cost.
6 digits for luggage?
12345 was made popular by a documentary several years ago. So I updated my luggage.
/s
It’s a reference to Spaceballs if you were out of the loop.
I was out of the loop, thanks for the clarification.
Don’t use shit passwords. Don’t reuse passwords. Get a password manager. Use 2fa.
I reuse passwords on sites where I don’t care if my account gets breached.
On sites where it matters, I store them in a password managers.
On sites where money is managed, I keep the passwords only in my mind.
Use mfa not 2fa
The more factors, the less secure. Each one you add is another potential exploitable authentication method. It’s only as secure as the least secure MFA method you add.
I mean, how many factors do you advocate for? Two is generally plenty as long as they are good ones.
E.g a passphrase protected ssh key is solid. Similarly protected passkey is good. A TOTP with password is… Not terrible I suppose… SMS would be pretty bad…
Online or offline password manager?
Either or as long as theyre stored encrypted and decrypted on device.
Correct Horse Battery Staple
I’ve “hacked” web apps by logging in with “user - password” or something equally inane.
But, my long-time sole password of TrustNo1 should be good right??
Invent your own hashing algorithm. It’s easy, fool-proof, secure, and reusable without compromising security.
Here’s a few examples: ebay.com password is moc.y4b3-saltyboi69 lemmy.world password is dlr0w.ymm3l-saltyboi69
(These aren’t real btw)
people writing password crackers are smarter than that dude
Most compromised passwords are used by script kiddies in mass attacks, not targeted attacks by elite hacking squads. If a password fails verbatim, they just move on to the next compromised account of millions, not develop pattern recognition software to try to figure out replacement candidates for each website.
Association attacks exist in the wild.
Let’s say that this is their ebay account. In that case the reward for unlocking each account is very high, so attackers (even in mass attacks) have incentive to put in more work as long as the work cost per account hacked is less than the average reward and there is a net profit.
I assume in this day and age it’s probably also viable to use LLMs for password guessing, as long as it’s for a high value account. That unlocks a whole another can of worms and if it was me I’d never use low entropy passwords like “moc.y4b3-saltyboi69”
Perhaps this kind of password is viable if it’s for an online service that implements rate limiting, but you also have to consider the case that a site gets hacked and their encrypted database (encrypted by each user’s password) makes it onto the web. This has happened a lot recently and makes it ridiculously easy for people to throw their GPUs at the task.
You sound pretty unqualified to judge smartness.
