

Programming And Web Developing
George J Padayatty | georgejp

Most Common Passwords

Sep 10th 2010 at 6:16 AM

The majority of people are clueless as to how accounts are hacked, and their passwords reflect that. If your password has anything in common with the most common passwords below, you have a weak password. This is to help people choose a strong password and possibly help site admins recognize the risks.
Most Common Passwords
  1. 123456, 123, 123123, 01234, 2468, 987654, etc
  2. 123abc, abc123, 246abc
  3. First Name
  4. Favorite Band
  5. Favorite Song
  6. First letter of given name then surname
  7. qwerty, asdf, and other keyboard rolls
  8. Favorite cartoon or movie character
  9. Favorite sport, or sports star
  10. Country of origin
  11. City of origin
  12. All numbers
  13. Some word in the dictionary
  14. Combining 2 dictionary words
  15. Any of the above spelled backwards
  16. aaa, eee, llll, 999999, and other repeat combinations
Common Extensions
Some sites force you to have passwords with both numbers and letters. For example, Bob’s password is football, and the site asks him to add some numbers to it to make it valid. Here’s what people usually add.
  1. Their year of birth / marriage / graduation (or expected grad) from HS or college
  2. 007
  3. 0 – 9
  4. 69
  5. 000, 111, 4444 or other long combinations
  6. 123456, 123, 123123, 01234 and other retarded combinations
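A registration-time check a site admin could run for the patterns in the two lists above, including digits appended to a word with or without a `_` or `-` separator. This is an added example, not part of the original post; the word lists, the `personal` parameter and the function names are constructed for illustration.

```python
import re

# Constructed sample data: a real deployment would load a large leaked-password
# list and a full dictionary instead of these few entries.
COMMON = {"123456", "123", "123123", "01234", "2468", "987654",
          "123abc", "abc123", "246abc"}
WORDS = {"football", "dragon", "monkey", "summer"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_keyboard_roll(s):
    # Four or more adjacent keys on one row, typed in either direction.
    return len(s) >= 4 and any(s in row or s[::-1] in row for row in KEY_ROWS)


def is_known_word(s, words):
    # One known word, or two joined together, read forwards or backwards.
    for cand in (s, s[::-1]):
        if cand in words:
            return True
        if any(cand[:i] in words and cand[i:] in words
               for i in range(1, len(cand))):
            return True
    return False


def weaknesses(password, personal=()):
    """Return the patterns from the post's lists that this password matches.

    `personal` holds strings the site already knows about the user
    (first name, city, ...); they are treated like dictionary words.
    """
    pw = password.lower()
    words = WORDS | {p.lower() for p in personal}
    found = []
    if pw in COMMON or pw[::-1] in COMMON:
        found.append("common password")
    if pw.isdigit():
        found.append("all numbers")
    if len(pw) > 1 and len(set(pw)) == 1:
        found.append("repeated character")
    if is_keyboard_roll(pw):
        found.append("keyboard roll")
    # Letters followed by an optional _ or - and digits: football85, football_04
    m = re.fullmatch(r"([a-z]+)[_-]?(\d+)", pw)
    if is_known_word(m.group(1) if m else pw, words):
        found.append("known word + digits" if m else "known word")
    return found
```

An empty list only means none of these patterns matched; it does not by itself make a password strong.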
Years are usually added in different ways: football85, football1985, football04 instead of football4. There’s also the possibility of sub-connections like football_04 and football-84. Many sites require both numbers and letters, so these are a more likely occurrence, since people tend to want to have the same pass for everything.
My opinion on an Ideal password
Mixed numbers and letters over 8 characters long. Memorize it once, use it forever.
How long it takes to hack a password
If they have hacked and downloaded the entire database, it’s 10000 times faster than if they send requests guessing your passwords on certain websites. Most decent comps can easily check thousands of possibilities per second.
Words in the Dictionary
You will get hacked fast, even if you use foreign words.
Numbers
If you have an all numbers password, it’s much quicker to break than if it were varied. Instead of having a very big array of words in memory and selecting an index from it, or even worse reading from disk every few seconds in a buffer, having a number just requires the computer to do what computers do fastest: count. A decent computer can easily do any number under 10 million in a few minutes. Adding 0s to the front of the number can help, but not really: a second pass with any number of 0s can be done afterwards. Maybe if you made it your zipcode + your best friend’s number or something VERY long it would be strong enough.
All Random letters
Every possible combination of three letter words is only around seventeen thousand, while every possible four letter word combination is 456976. It grows exponentially every time you increase just one letter. Most sites recommend 8 characters or more for a strong password. Adding just 1 number to your password helps immensely.
How hackers usually obtain your password
Most malicious hackers just wait for security update news. Whenever some forum or CMS software like Drupal, vBulletin, phpBB or Invision Board releases a security update, they try to find what the discovered exploit was. They Google search for forums that may have the affected system and use the exploit. Forums can give tons of emails / passwords. The ones who are skilled enough and actively attempt to discover the exploits are more rare. Even worse is when the skilled programmers make simple automated exploit programs for script kiddies to use without even understanding the code. This is where the majority of the attacks come from: losers that use programs made by hackers and call themselves hackers. It’s super rare that you would be targeted or that your password has been hacked from large sites like Google, Hotmail or MySpace. Most of the big sites have CAPTCHAs and DDoS protection, which cripples speed. It’s more likely they hacked some other site that you long forgot about and found more passwords in your email. Most people get hacked from phishing attacks or other forms of social engineering rather than real hackers. People also get Trojans from opening email attachments and downloading pirate stuff off p2p without a decent antivirus. Hackers with skills enough to find open ports / exploit them and get shell access are much more rare than people claim.
How are passwords stored in a website
Most are stored as MD5 hashes. If your password is stored without encryption you are screwed if they get screwed. It doesn’t matter how long your password is. Websites like the pirate bay and stage6 have gotten their passwords stolen; don’t think it can’t happen to big sites.
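The unsalted MD5 storage mentioned above, set beside a salted PBKDF2 record built with Python's standard `hashlib`. This is an added example, not part of the original post; the accounts, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # work factor assumed for this illustration; tune per deployment

# Constructed sample accounts, two of which picked the same password.
USERS = {"alice": "football85", "bob": "football85", "carol": "t7#Kq9vLx2"}


def md5_record(password):
    # The scheme the post describes: a bare, unsalted MD5 hex digest.
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password, salt=None):
    # Per-user random salt plus a deliberately slow key-derivation function.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def kdf_verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt, expected = record
    _, candidate = kdf_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def build(store):
    # Produce the table a site would hold: user -> stored value.
    return {user: store(pw) for user, pw in USERS.items()}


def shared_values(table):
    # Users whose stored values are identical. With unsalted hashes this
    # reveals password reuse to anyone who obtains the database.
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

`shared_values(build(md5_record))` groups alice and bob together, while `shared_values(build(kdf_record))` is empty because each record carries its own salt.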

Nov 10th 2011 at 9:46 AM by LonnieG
Very interesting ... also a shame so much time and effort is required in order to try to co-exist with those of malicious intent.
