Top 10 Worst Passwords

[Frederick]

Top 10 Worst Passwords:

1. 123456

2. 12345

3. 123456789

4. Password

5. iloveyou

6. princess

7. rockyou

8. 1234567

9. 12345678

10. abc123

Please dont tell me  you have got one of these !

[woolybanana]

I have them all. It does take some time to log in!!

[Quillan]

Letmein, administratrs password to Sage accounting systems, very few people ever change it.

[Pommier]

I have to own up that when I was working and the password had to change every month (and not to the previous month's password) mine was the first three letters of the month, followed by the year. I don't think it was just me either!

[Quillan]

Both Novell and Microsoft had/have policies that allowed the system administrator to set how frequently the password should be changed and how many characters it had to be, both could/can also say what hours you can log in to the system (say only between 09:00 and 17:00). The problem would be the company boss's who would hardly use a computer themselves, their secretary did everything, and they thought it too complicated to create new passwords so asked for that option to be turned off. We would always argue that the physical servers and software where small fry (and of course insured) where as data is priceless and one should always protect it.

[tinabee]

It's the security questions that drive me mad - gone are the days of "mother's maiden name?" - too easy. I recently had the choice of:

Father's middle name?  he didn't have one

Mother's first name (must be 8 characters or more)? Ivy!!!!!!!!!

Name of first pet? never had one

Favourite restaurant? don't have one

Favourite cartoon character?  oh for goodness sake [:'(]

[Jo]

Even worse are the secure codes you have to use with certain credit cards, I always forget it[:$] it's more than I can do to remember the password I use[:-))] so I have to log in each time and create a new one, fine, but it won't let you use one you had before[blink][blink] I'm fast running out of various aunts maiden names[:-))][:-))]

[Gyn_Paul]

[quote user="Pommier"]I have to own up that when I was working and the password had to change every month (and not to the previous month's password) mine was the first three letters of the month, followed by the year. I don't think it was just me either![/quote]

That sound horribly like the BBC. I could never get my head round why the system was entirely safe on day 27, but so insecure as to need everybody to change their password on day 28.

I discovered that  - although there was a minimum number of characters - there appeared to be no maximum number, so I just added words. So what started as 'summertime' ended up as 'summertimeandthelivingiseasyfisharejumpingandthecottonishigh'

And we all recognize the workings of 'the law of unintended consequences', whereby after about month 5 no sane human can remember the damned thing so you write it on a post-it and stick it to the side of the monitor. Sorted !

Frequent changes make a system less secure, not more.

p

[Théière]

What's wrong with ******** [;-)]

[AnOther]

My admin PW for our main system is long and needs

changing every 90 days but I was told early on that all I actually had

to do was tag the month and year on the end and change that so the

current ********************0112 will shortly become

********************0312 then 3 months later ********************0612,

and so on.

The daftest system I have come across recently is one where you are forced to change the PW every 28 days, usual stuff, minimum length, combination of upper and lower letters numbers and characters, yet once you have changed it and logged back in you can immediately change it back to what it was !

Another system recently installed has it's long and complicated PW printed on dymo tape and stuck to the keyboard.

Another 3rd party system has multiple logins for different levels of access and when it was installed the vendor gave me a print out of them all which I have to use on a regular basis when somebody from the company comes out to work on it either without having been given them at all or not the ones he need to do whatever it is he needs to.

[PaulT]

At work I am the administrator of one of our systems. You can set others up as administrators and give them passwords that they can change. However, there is a super administrator login that is needed for certain tasks and the username and password is set. This means I could go to anywhere else where the system is installed, login with the super admin username and password and have fun [6]

Paul

[Stis]

IMO, forcing a user to change password is a major security flaw - I had a near uncrackable one for Paypal but after several forced changes resorted to writing it down, lest I forget it :-(

Stis