How safe is my password?

[Asbo Zaprudder]

arrayOfPasswords[4] = ['1234','cool','1313','star','golf','bear','dave','pass','aaaa','6969','jake','matt','1212','fish',
'f*ck','4444','2112','fred','mike','1111','t*ts','paul','mine','king','fire','5555','slut','girl','2222',
'asdf','time','7777','rock','xxxx','ford','dick','bill','wolf','blue','alex','cock','beer','eric','6666','jack'];

I've censored the rude words per board rules. '1234' is there; I don't know if your name is.

 

[Aragorn]

That site really isn't very scientific. I just typed in the same letter over and over again, and the more times I did it the "harder to crack" it became.

 

[Trekker4747]

arrayOfPasswords[4] = ['1234','cool','1313','star','golf','bear','dave','pass','aaaa','6969','jake','matt','1212','fish',
'f*ck','4444','2112','fred','mike','1111','t*ts','paul','mine','king','fire','5555','slut','girl','2222',
'asdf','time','7777','rock','xxxx','ford','dick','bill','wolf','blue','alex','cock','beer','eric','6666','jack'];

I've censored the rude words per board rules. '1234' is there; I don't know if your name is.

There are no board rules regarding rude words. (Unless those "rude words" are racial slurs.)

 

[Asbo Zaprudder]

arrayOfPasswords[4] = ['1234','cool','1313','star','golf','bear','dave','pass','aaaa','6969','jake','matt','1212','fish',
'f*ck','4444','2112','fred','mike','1111','t*ts','paul','mine','king','fire','5555','slut','girl','2222',
'asdf','time','7777','rock','xxxx','ford','dick','bill','wolf','blue','alex','cock','beer','eric','6666','jack'];

I've censored the rude words per board rules. '1234' is there; I don't know if your name is.

There are no board rules regarding rude words. (Unless those "rude words" are racial slurs.)

Ah yes, wrong board then. Anyway, the creator of this code claims that these are some of the 500 most commonly used passwords -- how does he know? I tnink that claim is dubious, anglocentric, and probably pulled out of his b*tt.

 

[Holdfast]

arrayOfPasswords[8] = ['firebird','password','12345678','steelers','mountain','computer','baseball',
'xxxxxxxx','football','qwertyui','jennifer','danielle','sunshine','starwars',
'whatever','nicholas','swimming','trustno1','midnight','princess','startrek',
'mercedes','superman','bigdaddy','maverick','einstein','dolphins','hardcore',
'redwings','cocacola','michelle','victoria','corvette','butthead','marlboro',
'srinivas','internet','redskins','11111111','access14','rush2112','scorpion',
'iloveyou','samantha','mistress'];

arrayOfPasswords[4] = ['1234','cool','1313','star','golf','bear','dave','pass','aaaa','6969','jake','matt','1212','fish',
'f*ck','4444','2112','fred','mike','1111','t*ts','paul','mine','king','fire','5555','slut','girl','2222',
'asdf','time','7777','rock','xxxx','ford','dick','bill','wolf','blue','alex','cock','beer','eric','6666','jack'];

These are some funny shit.

Anyway, the creator of this code claims that these are some of the 500 most commonly used passwords -- how does he know? I tnink that claim is dubious, anglocentric, and probably pulled out of his b*tt.

It's kind of disappointing butt isn't in the top 500.

 

[Goliath]

Apparently, it would take a desktop PC 163 days to crack the password "outofmyass"

 

[PlainSimpleJoel]

3 years. Maybe time for a new password. Need to think of a longer password.

 

[Aragorn]

"passwordismypassword" will take 63 trillion years to crack?

 

[Asbo Zaprudder]

These are some funny shit.

This is the complete array of passwords of different lengths. I have no idea where SHC got these from. They look to be US-centric rather than UK-centric.

arrayOfPasswords[3] = ['god','sex'];

arrayOfPasswords[4] = ['1234','cool','1313','star','golf','bear','dave','pass','aaaa','6969',
'jake','matt','1212','fish','fuck','porn','4321','2000','4128','test',
'shit','love','baby','cunt','mark','3333','john','sexy','5150','4444',
'2112','fred','mike','1111','tits','paul','mine','king','fire','5555','slut',
'girl','2222','asdf','time','7777','rock','xxxx','ford','dick','bill','wolf',
'blue','alex','cock','beer','eric','6666','jack'];

arrayOfPasswords[5] = ['beach','great','black','pussy','12345','frank','tiger','japan',
'money','naked','11111','angel','stars','apple','porno','steve',
'viper','horny','ou812','kevin','buddy','teens','young','jason',
'lucky','girls','lover','brian','kitty','bubba','happy','cream',
'james','xxxxx','booty','kelly','boobs','penis','eagle','white',
'enter','chevy','smith','chris','green','sammy','super','magic',
'power','enjoy','scott','david','video','qwert','paris','women',
'juice','dirty','music','peter','bitch','house','hello','billy','movie'];

arrayOfPasswords[6] = ['123456','prince','guitar','butter','jaguar','united','turtle',
'muffin','cooper','nascar','redsox','dragon','zxcvbn','qwerty',
'tomcat','696969','654321','murphy','987654','amanda','brazil',
'wizard','hannah','lauren','master','doctor','eagle1','gators',
'squirt','shadow','mickey','mother','monkey','bailey','junior',
'nathan','abc123','knight','alexis','iceman','fuckme','tigers',
'badboy','bonnie','purple','debbie','angela','jordan','andrea',
'spider','harley','ranger','dakota','booger','iwantu','aaaaaa',
'lovers','player','flyers','suckit','hunter','beaver','morgan',
'matrix','boomer','runner','batman','scooby','edward','thomas',
'walter','helpme','gordon','tigger','jackie','casper','robert',
'booboo','boston','monica','stupid','access','coffee','braves',
'xxxxxx','yankee','saturn','buster','gemini','barney','apples',
'soccer','rabbit','victor','august','hockey','peanut','tucker',
'killer','canada','george','johnny','sierra','blazer','andrew',
'spanky','doggie','232323','winter','zzzzzz','brandy','gunner',
'beavis','compaq','horney','112233','carlos','arthur','dallas',
'tennis','sophie','ladies','calvin','shaved','pepper','giants',
'surfer','fender','samson','austin','member','blonde','blowme',
'fucked','daniel','donald','golden','golfer','cookie','summer',
'bronco','racing','sandra','hammer','pookie','joseph','hentai',
'joshua','diablo','birdie','maggie','sexsex','little','biteme',
'666666','topgun','ashley','willie','sticky','cowboy','animal',
'silver','yamaha','qazwsx','fucker','justin','skippy','orange',
'banana','lakers','marvin','merlin','driver','rachel','marine',
'slayer','angels','asdfgh','bigdog','vagina','apollo','cheese',
'toyota','parker','maddog','travis','121212','london','hotdog',
'wilson','sydney','martin','dennis','voodoo','ginger','magnum',
'action','nicole','carter','erotic','sparky','jasper','777777',
'yellow','smokey','dreams','camaro','xavier','teresa','freddy',
'secret','steven','jeremy','viking','falcon','snoopy','russia',
'taylor','nipple','111111','eagles','131313','winner','tester',
'123123','miller','rocket','legend','flower','theman','please',
'oliver','albert'];

arrayOfPasswords[7] = ['porsche','rosebud','chelsea','amateur','7777777','diamond',
'tiffany','jackson','scorpio','cameron','testing','shannon',
'madison','mustang','bond007','letmein','michael','gateway',
'phoenix','thx1138','raiders','forever','peaches','jasmine',
'melissa','gregory','cowboys','dolphin','charles','cumshot',
'college','bulldog','1234567','ncc1701','gandalf','leather',
'cumming','hunting','charlie','rainbow','asshole','bigcock',
'fuckyou','jessica','panties','johnson','naughty','brandon',
'anthony','william','ferrari','chicken','heather','chicago',
'voyager','yankees','rangers','packers','newyork','trouble',
'bigtits','winston','thunder','welcome','bitches','warrior',
'panther','broncos','richard','8675309','private','zxcvbnm',
'nipples','blondes','fishing','matthew','hooters','patrick',
'freedom','fucking','extreme','blowjob','captain','bigdick',
'abgrtyu','chester','monster','maxwell','arsenal','crystal',
'rebecca','pussies','florida','phantom','scooter','success'];

arrayOfPasswords[8] = ['firebird','password','12345678','steelers','mountain',
'computer','baseball','xxxxxxxx','football','qwertyui','jennifer',
'danielle','sunshine','starwars','whatever','nicholas','swimming',
'trustno1','midnight','princess','startrek','mercedes','superman',
'bigdaddy','maverick','einstein','dolphins','hardcore','redwings',
'cocacola','michelle','victoria','corvette','butthead','marlboro',
'srinivas','internet','redskins','11111111','access14','rush2112',
'scorpion','iloveyou','samantha','mistress'];

 

[Deckerd]

Some of those are great.

I ran a messageboard for teachers for a few years and when they registered I would send them an email saying their password was "changeme" with a note after it saying that was an instruction. The number of them that left it like that was amazing.

 

[YellowSubmarine]

That's correct only for unoptimized brute force.

A person determined to crack passwords could construct a method that orders the search space going from more likely passwords to less unlikely, instead of using mere brute force it first goes over passwords constructed from dictionary words, then adds numbers, changes letters to symbols, prefers words that construct phrases that can be found on the Internet, etc.

Such method would crack "passwordismypassword" pretty easily.

Even passwords composed of random strokes follow a pattern because a person never randomly hits the keys and the method could compensate for that.

Normal password: MyD0gLikeSTORUNandB4rkW00f
Random strokes: AKZ9AM10)8zA0a_a9asMa*Ma90 (and my random stokes are more random than the average person random strokes)
Truly random password: CAeDtG5Z!1$Hd0(8Rkf24raKIB

“It would take about 17,884 nonillion years for a desktop PC to crack” the last password. The second one would be found significantly sooner because the algorithm would know to search for passwords with patterns first though you'll still be dead by then. The first one can be found much much much much sooner.


I have guesses a 13 letter password with capital letters and digits in it from the first try – I just knew the person.

 

[Asbo Zaprudder]

List of passwords in order:

1111
1212
1234
1313
2000
2112
2222
3333
4128
4321
4444
5150
5555
6666
6969
7777
11111
12345
40391
111111
112233
121212
123123
123456
131313
232323
654321
666666
696969
777777
987654
1234567
7777777
8675309
11111111
12345678
aaaa
aaaaaa
abc123
abgrtyu
access
access14
action
albert
alex
alexis
amanda
amateur
andrea
andrew
angel
angela
angels
animal
anthony
apollo
apple
apples
arsenal
arthur
asdf
asdfgh
ashley
asshole
austin
baby
badboy
bailey
banana
barney
baseball
batman
beach
bear
beaver
beavis
beer
bigcock
bigdaddy
bigdick
bigdog
bigtits
bill
billy
birdie
bitch
bitches
biteme
black
blazer
blonde
blondes
blowjob
blowme
blue
bond007
bonnie
booboo
boobs
booger
boomer
booty
boston
brandon
brandy
braves
brazil
brian
bronco
broncos
bubba
buddy
bulldog
buster
butter
butthead
calvin
camaro
cameron
canada
captain
carlos
carter
casper
charles
charlie
cheese
chelsea
chester
chevy
chicago
chicken
chris
cocacola
cock
coffee
college
compaq
computer
cookie
cool
cooper
corvette
cowboy
cowboys
cream
crystal
cumming
cumshot
cunt
dakota
dallas
daniel
danielle
dave
david
debbie
dennis
diablo
diamond
dick
dirty
doctor
doggie
dolphin
dolphins
donald
dragon
dreams
driver
eagle
eagle1
eagles
edward
einstein
enjoy
enter
eric
erotic
extreme
falcon
fender
ferrari
fire
firebird
fish
fishing
florida
flower
flyers
football
ford
forever
frank
fred
freddy
freedom
fuck
fucked
fucker
fucking
fuckme
fuckyou
gandalf
gateway
gators
gemini
george
giants
ginger
girl
girls
god
golden
golf
golfer
gordon
great
green
gregory
guitar
gunner
hammer
hannah
happy
hardcore
harley
heather
hello
helpme
hentai
hockey
hooters
horney
horny
hotdog
house
hunter
hunting
iceman
iloveyou
internet
iwantu
jack
jackie
jackson
jaguar
jake
james
japan
jasmine
jason
jasper
jennifer
jeremy
jessica
john
johnny
johnson
jordan
joseph
joshua
juice
junior
justin
kelly
kevin
killer
king
kitty
knight
ladies
lakers
lauren
leather
legend
letmein
little
london
love
lover
lovers
lucky
maddog
madison
maggie
magic
magnum
marine
mark
marlboro
martin
marvin
master
matrix
matt
matthew
maverick
maxwell
melissa
member
mercedes
merlin
michael
michelle
mickey
midnight
mike
miller
mine
mistress
money
monica
monkey
monster
morgan
mother
mountain
movie
muffin
murphy
music
mustang
naked
nascar
nathan
naughty
ncc1701
newyork
nicholas
nicole
nipple
nipples
oliver
orange
ou812
packers
panther
panties
paris
parker
pass
password
patrick
paul
peaches
peanut
penis
pepper
peter
phantom
phoenix
player
please
pookie
porn
porno
porsche
power
prince
princess
private
purple
pussies
pussy
qazwsx
qwert
qwerty
qwertyui
rabbit
rachel
racing
raiders
rainbow
ranger
rangers
rebecca
redskins
redsox
redwings
richard
robert
rock
rocket
rosebud
runner
rush2112
russia
samantha
sammy
samson
sandra
saturn
scooby
scooter
scorpio
scorpion
scott
secret
sex
sexsex
sexy
shadow
shannon
shaved
shit
sierra
silver
skippy
slayer
slut
smith
smokey
snoopy
soccer
sophie
spanky
sparky
spider
squirt
srinivas
star
stars
startrek
starwars
steelers
steve
steven
sticky
stupid
success
suckit
summer
sunshine
super
superman
surfer
swimming
sydney
taylor
teens
tennis
teresa
test
tester
testing
theman
thomas
thunder
thx1138
tiffany
tiger
tigers
tigger
time
tits
tomcat
topgun
toyota
travis
trouble
trustno1
tucker
turtle
united
vagina
victor
victoria
video
viking
viper
voodoo
voyager
walter
warrior
welcome
whatever
white
william
willie
wilson
winner
winston
winter
wizard
wolf
women
xavier
xxxx
xxxxx
xxxxxx
xxxxxxxx
yamaha
yankee
yankees
yellow
young
zxcvbn
zxcvbnm
zzzzzz

 

[TheBrew]

That's correct only for unoptimized brute force.

A person determined to crack passwords could construct a method that orders the search space going from more likely passwords to less unlikely, instead of using mere brute force it first goes over passwords constructed from dictionary words, then adds numbers, changes letters to symbols, prefers words that construct phrases that can be found on the Internet, etc.

Such method would crack "passwordismypassword" pretty easily.

Even passwords composed of random strokes follow a pattern because a person never randomly hits the keys and the method could compensate for that.

Normal password: MyD0gLikeSTORUNandB4rkW00f
Random strokes: AKZ9AM10)8zA0a_a9asMa*Ma90 (and my random stokes are more random than the average person random strokes)
Truly random password: CAeDtG5Z!1$Hd0(8Rkf24raKIB

“It would take about 17,884 nonillion years for a desktop PC to crack” the last password. The second one would be found significantly sooner because the algorithm would know to search for passwords with patterns first though you'll still be dead by then. The first one can be found much much much much sooner.


I have guesses a 13 letter password with capital letters and digits in it from the first try – I just knew the person.

That has nothing to do with password complexity, but is a social engineering attack. Brute force methods are really a thing of the past with auto-lock outs after a few failed tries or with a timer in between attempts. A PW can be really complex, but easily made insecure because of social engineering attacks and is why security training highlights those kind of attacks more so than PW complexity.

 

[JarodRussell]

There's nothing Skynet couldn't crack.

 

[Holdfast]

These are some funny shit.

This is the complete array of passwords of different lengths. I have no idea where SHC got these from. They look to be US-centric rather than UK-centric.

It reads like the list of SEO keywords to a porn site.

 

[Asbo Zaprudder]

These are some funny shit.

This is the complete array of passwords of different lengths. I have no idea where SHC got these from. They look to be US-centric rather than UK-centric.

It reads like the list of SEO keywords to a porn site.

There are entries for blowjob, startrek, bigtits, and ncc1701 -- obviously there is some deep psychological association with TV sci-fi and/or porn there when people have to think of a password. The porn connection is obviously Freudian; do Star Trek passwords arise from the Jungian collective consciousness or is it because rockets are phallic symbols?

 

[bigdaddy]

416 years... good enough for me.

 

[Amaris]

416 years... good enough for me.

Brute force, which almost no one uses anymore. Dictionary would probably hit your password correctly in about 5 seconds, although as it has been said above, most secure sites only allow 3-5 attempts before locking out the account and notifying the user.

 

[Tan Ru]

wow.

Mine said about 30 seconds............

That's not good.

And it's a totally made up word too! WTH?!

 

[Asbo Zaprudder]

wow.

Mine said about 30 seconds............

That's not good.

And it's a totally made up word too! WTH?!

Don't worry, the algorithm (posted upthread) is bogus for several reasons:

• A brute-force attack cannot know in advance that you haven't included numbers, uppercase characters, or special characters in your password.
• Even though a computer might generate 10000000 combinations per second, it can't try out 10000000 combinations per second.
• Any decent authentication sysem locks you out after 3 failed attempts.

That said, I know people that have on two occasions guessed the passwords of others based on personal knowledge. I've also seen IT personnel carry the admin passwords for a whole company on plastic cards in their wallets.