Whats that? Passwords are supposed to be hard to guess?

[laptop-mechanic.livejournal.com]

So I'm working on this Sony SZ series machine. Unit's passing hardware tests from my boot CD, so its time to go into windows and see what's what.

The owner's password?

password

Yes, that's it.

Thats like setting your luggage combination to 12345.

Comments

[mouse-from-marz.livejournal.com]

hey that's MY luggage password!

[xforge.livejournal.com]

Spaceballs ref ftw.

I'd be willing to bet "password" is about 1/3 or more of all passwords in the world. In whatever language the person whose password it is speaks mind you.

[jokergirl.livejournal.com]

Damn, beat me to it.

[museology.livejournal.com]

Maybe they think it's so simple that nobody would guess it...?

[fnordx.livejournal.com]

12345? That's amazing! That's the same password as on my planet's air shield!

Although, having your password be "password" isn't quite as clever as having it be "********".

[http://users.livejournal.com/hub_/]

but that's what is displayed !!! stop showing my password!

[pikaporeon.livejournal.com]

Why don't you go hunter2 my hunter2ing hunter2

[gholam.livejournal.com]

As far as your average user is concerned, passwords were invented by sysadmins to annoy the users. Maybe as payback for all the grief they cause us.

[ptstech.livejournal.com]

Average users make Pakleds look like Hawking clones.

Just saying.

[http://users.livejournal.com/hub_/]

with TSA you can't even set a combination.

[mouse-from-marz.livejournal.com]

no, you can, but you have to have a special lock that they have a tool to open.

I don't know WHAT the rules are for laptops now... sheesh, what a mess.

[crywolf.livejournal.com]

Confuse them all. Make your password "pasword"

[mynameisnotreal.livejournal.com]

Ha! I fool da bitches; I sets my combo to 54321!

[stimpy.livejournal.com]

I'm late to the party, but I brought my icon along.

[http://users.livejournal.com/hub_/]

and a bottle of Peri'Air ?

[notthebuddha.livejournal.com]

There's nothing wrong with that, it's the owner's option. Most of my personal, at-home PCs have blank passwords, except that XP won't allow blank passwords for certain uses, like file and printer sharing.

[http://users.livejournal.com/hub_/]

and why do you need a password with XP anyway. it is like locking the door of a paper house.

[ravenshrinkery.livejournal.com]

I don't expect my machines to be secure against anyone with local access. However, a very simple password is enough to keep my 3 year old off the machine when I don't want her on. It probably won't be long between when I need a secure password and she finds a way around it.

[wibbble]

One of our clients has 'Password' as our password for connecting to their VPN.

I wish I was lying.

[http://users.livejournal.com/hub_/]

prove it!

[yanni85.livejournal.com]

I asked a client once what their password was.
I kid you not, it was "12345"

I had one hell of a time not blurting out the appropriate response.

[vulpisfoxfire.livejournal.com]

Heee. Actually, it's entirely possible that's why they *set* that password, as something easy to remember. Granted, this depends on what they put it on...

[awarrenfells.livejournal.com]

What's worse... is the sales droids for $ISP set up a default password when the accounts are established. The customers are informed to reset the password to something different.

A full 2/3, if not more, of all the customer's I deal with STILL have the default passwords... which are usually 'password', or 12345.

Fail.

[phrogg.livejournal.com]

When i worked for our ISP, they'd had to take measures to PREVENT our sales twerps from making passwords of "password". So they started using "Password" instead.

*head-desk*

[antikythera.livejournal.com]

One of my tasks, since we don't have an automated system set up for this on our website, is to retrieve passwords for users who have lost them (once they supply the correct answer to their secret question, of course). I'm quite surprised at the number of people who do use strong passwords.

I actually haven't seen a single 'password' or '12345' in a year of working there. More often, I see people who don't understand how the secret question works. The question will be something like "what is the name of your pet?" and they'll put random characters in which they can never remember again, or they'll put another hint for themselves in that field to remind them of their password even though they're supposed to supply that field when we ask.

[mattcaron.livejournal.com]

I tend to use reasonably secure but rememberable passwords, such as the kind generated by apg (ie wofGoam2).

The problem is that, since I am remembering them, I tend to reuse them, which is a bad idea.

Thus, I have gone to using keepass (specifically keepassx), which uses a password which I remember to unlock a DB of passwords which are individualized and absurdly long and random. (ie HFheuy-1J-19374675lsahd .. I'm randomly typing on the keyboard here, but there is actually a generator builtin which I use, but you get the drift)

I should also note that this pulls the passwords out of the browser and effectively "gaps" the password storage and browser, so it somewhat mitigates the ability of various XSS vulnerabilities and such to steal all your passwords.

Diggit?

[kgasso.livejournal.com]

We store customer information in MySQL, and have to keep a cleartext password for PPP CHAP authentication. A while back, I did some querying to see just how terrible our users' passwords were. Here were some of the more interesting/amusing results (for those who don't know, "%" is a wildcard in SQL syntax):

SELECT COUNT(*) FROM customers (total number of customers): 32112

SELECT COUNT(*) FROM customers WHERE password = "password" (password is the literal string "password"): 151

SELECT COUNT(*) FROM customers WHERE password = username (password is the same as the username): 660

SELECT COUNT(*) FROM customers WHERE password LIKE "123%": 364

SELECT COUNT(*) FROM customers WHERE password LIKE "%321": 44

SELECT COUNT(*) FROM customers WHERE password LIKE "qwerty%": 8

SELECT COUNT(*) FROM customers WHERE password LIKE "asdf%": 11

SELECT COUNT(*) FROM customers WHERE password = "********": 16

SELECT COUNT(*) FROM customers WHERE LENGTH(password) <= 4: 5151

...and I thought our users were doing surprisingly well -- until I executed the last query.

[jokergirl.livejournal.com]

You forgot to check "%123" (very common here)

;)

[trixtah.livejournal.com]

Hah, you try working for our organisation where the fucking "security policy" for our Blackberries permits passwords of four characters. We deal with the government directly. The Blackberries are given to general managers and other senior staff, and naturally hook into the corporate Exchange servers and the intranet.

The GM of the technical group has taken the opportunity to use a four-character password - "adad" - I spotted him entering it in. And how many more are like that?

[scottish-alth.livejournal.com]

Trix, woah!

I work in a very unimportant call centre, my departments policy has a minimum (MINUIMUM! of 14 characters).

[70schild.livejournal.com]

A local ISP set up all the mail passwords as follows:

password1
password2
password3
password4
password5
password6