[QUOTE]The number one way hackers get into protected systems isn't through a fancy technical exploit. It's by guessing the password.
That's not too hard when the most common password used on business systems is "Password1."
There's a technical reason for Password1's popularity: It's got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft's widely used Active Directory identity management software.
Security services firm Trustwave spotlighted the "Password1" problem in its recently released "2012 Global Security Report," which summarises the firm's findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.
Around 5% of passwords involve a variation of the word "password," the company's researchers found. The runner-up, "welcome," turns up in more than 1%.
Easily guessable or entirely blank passwords were the most common vulnerability Trustwave's SpiderLabs unit found in its penetration tests last year on clients' systems. The firm set an assortment of widely available password-cracking tools loose on 2.5 million passwords, and successfully broke more than 200,000 of them.
Verizon came up with similar results in its 2012 Data Breach Investigations Report, one of the security industry's most comprehensive annual studies. The full report will be released in several months, but Verizon previewed some of its findings at this week's RSA conference in San Francisco.
Exploiting weak or guessable passwords was the top method attackers used to gain access last year. It played a role in 29% of the security breaches Verizon's response team investigated.
Verizon's scariest finding was that attackers are often inside victims' networks for months or years before they're discovered. Less than 20% of the intrusions Verizon studied were discovered within days, let alone hours.
Even scarier: Few companies discovered the breach on their own. More than two-thirds learned they'd been attacked only after an external party, such as a law-enforcement agency, notified them. Trustwave's findings were almost identical: Only 16% of the cases it investigated last year were internally detected.
So if your password is something guessable, what's the best way to make it more secure? Make it longer.
Adding complexity to your password -- swapping "password" for "p@S$w0rd" -- protects against so-called "dictionary" attacks, which automatically check against a list of standard words.
But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.
Even a few quadrillion options isn't a big deal for modern machines, though. Using a $1,500 computer built with off-the-shelf parts, it took Trustwave just 10 hours to harvest its 200,000 broken passwords.
"We've got to get ourselves using stuff larger than human memory capacity," independent security researcher Dan Kaminsky said during an RSA presentation on why passwords don't work.
He acknowledged that it's an uphill fight. Biometric authentication, smartcards, one-time key generators and other solutions can increase security, but at the cost of adding complexity.
"The fundamental win of the password over every other authentication technology is its utter simplicity on every device," Kaminsky said. "This is, of course, also their fundamental failing."[/QUOTE]
Why even have a password system if you're only going to have something like Password1 or 12345?
[quote]Adding complexity to your password -- swapping "password" for "p@S$w0rd" -- protects against so-called "dictionary" attacks, which automatically check against a list of standard words.[/quote]
I guess these guys have never heard of a hybrid dictionary attack.
Same password I use at college, fuck you having to change it every 2 weeks
[QUOTE]Adding complexity to your password -- swapping "password" for "p@S$w0rd" -- protects against so-called "dictionary" attacks, which automatically check against a list of standard words.
But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.[/QUOTE]
[img]http://imgs.xkcd.com/comics/password_strength.png[/img]
Always think of Spaceballs when I see passwords like that.
[media]http://www.youtube.com/watch?v=a6iW-8xPw3k[/media]
[QUOTE=Simski;35003487][img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE]
But then they only have to guess 4 words and they're in?
I remember my old runescape password was:
"ishdiddyishdiddyiloveyou" I'd run out of space on the box, and I got so good at typing it that when people saw me do it for the first time they were like "WHART"
this just in
the world is round
hey that's the password to my briefcase folder!
Who would've guessed that!
It's so obvious, it's impossible to guess!
[QUOTE=Simski;35003487][img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE]
Most common password among people who read xkcd revealed: 'correcthorsebatterystaple'.
[QUOTE=a-k-t-w;35003499]But then they only have to guess 4 words and they're in?[/QUOTE]
That's not really how it works.
[QUOTE=Simski;35003487][img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE]
My passwords since I was a kid have always been like the last panel.
ApplePieWar
Hat hat tophat
Musicfafafafa
the list goes on
But if everyone starts using 3-4 words as passwords, don't hackers just change their programs, to test combinations of words instead of letters?
Because then those word combinations are almost as easy to figure out as 3 letters?
My password is the lyrics to Journey's "Any Way You Want It"
No one will guess it!
Oh wait, take 30.000 words, number of combinations with 4 words, 30.000^4 possibilities:
810.000.000.000.000.000 possibilities. OK, I guess that's kind of secure.
[editline]5th March 2012[/editline]
Megafat... You... You... automerge breaker!
[QUOTE=eternalflamez;35003712]Oh wait, take 30.000 words, number of combinations with 4 words, 30.000^4 possibilities:
810.000.000.000.000.000 possibilities. OK, I guess that's kind of secure.
[editline]5th March 2012[/editline]
Megafat... You... You... automerge breaker![/QUOTE]
Shit is going down. Tonight, the alley behind your house.
I just found my new password
MegafatAutomergeBreaker
[QUOTE=Simski;35003412]Why even have a password system if you're only going to have something like Password1 or 12345?[/QUOTE]
Didn't Assad do some stupid shit like that?
[QUOTE=mac338;35003748]I just found my new password
MegafatAutomergeBreaker[/QUOTE]
This has become a farce.
One problem though: don't most areas where you need a password usually have a maximum character limit of like 21? MegafatAutomergeBreaker is 24 characters.
FatAutoBreak
My password was baloney, but then they made me have to have a number. So now it's baloney1
[QUOTE=eternalflamez;35003790]One problem though: don't most areas where you need a password usually have a maximum character limit of like 21? MegafatAutomergeBreaker is 24 characters.[/QUOTE]
HA! I am too fat to be your password! I have won this battle!
[QUOTE=Daedulas;35003801]My password was baloney, but then they made me have to have a number. So now it's baloney1[/QUOTE]
That's just a bunch of baloney!
[editline]5th March 2012[/editline]
[QUOTE=megafat;35003802]HA! I am too fat to be your password! I have won this battle![/QUOTE]
You look skinny on your profile pic though. Brb trying to change my pass to MegafatAutomergeBreaker.
[editline]5th March 2012[/editline]
(Not really though, I can see all the banme's coming in already.)
I wonder how many combinations my 30-letter password has
If it's 30 letters, only containing a-z, 26[SUP]30[/SUP] if I am correct.
[editline]5th March 2012[/editline]
+- 2.8x10[SUP]42[/SUP]
[QUOTE=eternalflamez;35003855]If it's 30 letters, only containing a-z, 26[SUP]30[/SUP] if I am correct.
[editline]5th March 2012[/editline]
+- 2.8x10[SUP]42[/SUP][/QUOTE]
That's assuming you only use lowercase. Try 52[SUP]30[/SUP] broseph.
Or maybe throw in 0-9, 62[SUP]30[/SUP]
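The numbers traded back and forth in this thread (the article's 70 trillion and 6 quadrillion for seven and eight printable characters, the 30.000^4 passphrase count, and the 26^30 / 52^30 / 62^30 exchange just above) all come from the same arithmetic, and the "hybrid dictionary attack" remark explains why "p@S$w0rd" does not escape it. The script below is an added example, not code from the article, Trustwave, Verizon or anyone posting here. It reproduces those figures exactly, adds a crude model of a dictionary search with leet substitutions and appended digits so the two can be compared side by side, and converts each search space into an exhaustive-search time at an assumed rate. The 1e9 guesses per second and the 30,000-word list are constructed placeholders, not figures from the report; the hybrid model's parameters (four substitutable letters, up to three trailing digits) are likewise assumptions.

```python
"""Password search-space arithmetic: character classes vs word lists.

Added example for this thread, not the article's, Trustwave's or any
poster's code. Reproduces the figures quoted in the thread and adds a
simple hybrid-dictionary model for comparison. Rates and list sizes
below are constructed placeholders, not measurements.
"""
from math import log2

# Standard character-class sizes; 95 is the printable ASCII set, which
# is what makes 95^7 = 70 trillion and 95^8 > 6 quadrillion.
CHARSETS = {"lower": 26, "mixed": 52, "alnum": 62, "printable": 95}


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct strings of exactly `length` symbols from the alphabet."""
    return alphabet_size ** length


def passphrase_keyspace(dictionary_size: int, words: int) -> int:
    """Search space if the attacker knows the password is `words` words
    drawn (with repetition) from a list of `dictionary_size` words."""
    return dictionary_size ** words


def hybrid_keyspace(dictionary_size: int, substitutable_letters: int,
                    max_suffix_digits: int) -> int:
    """Crude model of a hybrid dictionary search: every list word, with
    any subset of `substitutable_letters` leet-swapped (a->@, s->$, o->0)
    and 0..max_suffix_digits digits appended. "p@S$w0rd" and "baloney1"
    both fall inside this space; the point is how small it stays."""
    substitutions = 2 ** substitutable_letters
    suffixes = sum(10 ** n for n in range(max_suffix_digits + 1))
    return dictionary_size * substitutions * suffixes


def entropy_bits(space: int) -> float:
    """Bits of entropy of a uniformly random choice from `space`."""
    return log2(space)


def hours_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time for an exhaustive search at the given rate."""
    return space / guesses_per_second / 3600


def compare(guesses_per_second: float = 1e9) -> list:
    """Rows of (label, keyspace, bits, hours) for the cases in the thread."""
    cases = [
        ("7 printable chars", keyspace(CHARSETS["printable"], 7)),
        ("8 printable chars", keyspace(CHARSETS["printable"], 8)),
        # Assumed hybrid model: 30,000 words, 4 swappable letters, <=3 digits.
        ("word + leet + digits", hybrid_keyspace(30_000, 4, 3)),
        ("4 words from 30,000", passphrase_keyspace(30_000, 4)),
        ("30 lowercase letters", keyspace(CHARSETS["lower"], 30)),
        ("30 mixed-case letters", keyspace(CHARSETS["mixed"], 30)),
        ("30 alphanumerics", keyspace(CHARSETS["alnum"], 30)),
    ]
    return [(label, space, entropy_bits(space),
             hours_to_exhaust(space, guesses_per_second))
            for label, space in cases]


if __name__ == "__main__":
    # 1e9 guesses/s is a constructed round number, not a measured rate.
    for label, space, bits, hours in compare(1e9):
        print(f"{label:24s} {space:12.3g} {bits:6.1f} bits {hours:12.3g} h")
```

Run as-is and the hybrid row lands around 5e8 candidates, far below even the seven-character figure, which is the arithmetic behind the "hybrid dictionary" objection: substitutions and a trailing digit multiply a word list by a small constant, while each extra character or word multiplies the space by the alphabet or list size. The "4 words from 30,000" row comes out at exactly the 810 quintillion quoted above, and the 30-letter rows show why the posters disagree over 26 versus 52 versus 62: at that length the base matters far more than the multiplier.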