Worst Passwords

On the OTOH blog, Elizabeth Daingerfield Zwicky has been musing on bad passwords, beginning with:

If you follow security news, you will have seen stories about Twitter and its banned password list, 370-odd passwords which Twitter has embedded in the source code of its registration page so that if you try to use them, it can say that they are “too obvious”… As it happens, I spent some of last week reading lists of common passwords… As a result, the list looked oddly familiar as soon as I saw it. It’s [a version of] “The 500 Worst Passwords of All Time” from Mark Burnett’s book Perfect Passwords.

and eventually getting to:

… In any case, there’s no such thing as the 500 worst passwords of all time. The passwords on any given list reflect the password rules of the site, the pop culture of the time (that all-time list was before the band Blink 182 became popular), the popular names and sports teams of the regions the users come from… There are a lot of commonalities from list to list (apparently “password”, “letmein”, and “123456” never get old), but there’s a lot of turnover, as well.

Cute. They’re just lists, but there are local variants (like dialects) along with shared material, plus change over time.
