"password".


>The Most Common Password Is...
..."password."

That's right, the word most commonly chosen as a password-- which means you should never use it yourself as it is too easy to guess by people intent on violating your e-mail --is "password."

Britain's The Register reports this based on an admittedly unscientific, but extremely revealing, survey conducted by the folks who organized the InfoSecurity Europe conference. They walked up to random office workers at London's Waterloo Station and asked them for their password in exchange for a cheap pen. Fully 90 percent revealed their password. (Last year 65 percent fell for the bait.) And 12 percent of them said the password is "password."

Weird password facts:

The most popular category for a password was the person's own name, followed by their favorite sports team and date of birth. (Hint: If you see yourself here, immediately change your password!)
Men were slightly more likely to reveal their password than women. Fully 95 percent of men handed over the password when asked, compared with 85 percent of women.
Naughty, naughty:

75 percent said they knew their co-workers' passwords.
66 percent admitted they had given their password to a colleague.
66 percent said they use a single password for everything -- from the company computer to personal banking. (That makes them more vulnerable to financial fraud, personal data loss, or identity theft.)
Tips to protect your password:

Keep your passwords secret. Don't give them away in exchange for a cheap pen or anything else. And if you do reveal your password, change it!
Use a different password for everything.
Change your passwords every few months, perhaps at the start of each new season.
When choosing a password, do not choose a word that is in the dictionary or a string of numbers. Never use your name, your spouse's name, your children's names, your home address, or your birthday. These are too easy for hackers to guess.
When creating a password, mix and match letters and numbers. Example: KRT358A
If your password suddenly doesn't work, be suspicious! Someone may have gained access to your account.
When you log on in public, be sure no one is watching you type in your password.
And the most important password protection tip of all:

Never give your password to anyone who asks for it in an e-mail or Instant Message -- no matter how convincing or official the request may be.<

as part of my job (in the past!) i was responsible for helping security.. and posted on our local system, tips for easy to remember hard passwords..

one great trick it to take one of those word games that are sprung an 6th and 7th graders all the time..(you can sometimes find them in sunday comic sections too)

Fill in the blanks

88 K_ _ _ O_ a p _ _ _ _ k _ _ _ _ _ _ _

or

52 C _ _ _ _ I _ S _ _ _ _ _ _ D _ _ _

(the anwers being 88 keys on a piano keyboard/52 cards in standard deck -- and there are hundreds of others similar ones)

but 52cisd is a great password! as is
88koapa -- they are 'easy to remember, hard to crack'-- they seem like random number and letters.
(and they worked..our system required 6 characters, and at least on non-alpha character!)

On of my favorites, is S!itnol.. (not a current one obviously!) it is the first letters of Stop! In the Name of Love. -- which is an other great way to 'generate' passwords. and group of words or phrase that suits you lends its self-- ET,B! (et tu, brutes!) is only 5 characters, and 6 or more is better.. (and i know latin did not use comma's, but its the idea!)

these are also great for pin numbers.. (just use the telephone pad/number letter groups for letters)

so if you are using your birthday, or your eldest child's birthday, or your wedding aniversay, or the last 4 numbers of your SS# (these are also common passwords!) STOP

memory palaces are also great for passwords.. look around your desk, and focus on an object.. then think about it..

if you recieved it as gift, from your grand(child/mother/etc) for graduation/birthday/special event) one object can generate lots of differnt passwords. (-- directly or indirectly.. maybe grandmother is really NANA H.. or a graduation present might lead to 98TDPS (PS 98, The David Porter School-(NY city schools have both numbers and names) the first school you attended.. there is no obvious connection to photo in a frame to 98TDPS- but when you come back from vacation, and are trying to remember your passwords.. a memory palace helps!

In the easy to remember, hard to crack line, a friend setup his aunt with the password di11yd@11y - a nice mix of characters that still spell out an easily remembered word.

of_troy,

Yours is exactly the technique I use.
The sysadmins tell me my pw is great.

k

an easily remembered word.

To you, maybe. To me it's not even recognizable.

an easily remembered word.

To you, maybe. To me it's not even recognizable.

dillydally--

but some systems(networks) won't let you use a password that has already assigned characters in a password, so @ is out; its used in email, and / is out; (file system command, and * is out, too.. depending on your system, and network other characters may be off limits too.

you can use dr bill's common mistake, and miss home row.. so instead of having your fingers on ASDF and JKL:, offset them to WERTand IOP[, and then just type something simple, like hello (obviously, this only words if you are touch typist, not a hunt and peck one.)

Great stuff, Whit and Helen! Thanks.
My favorite example of a password comes from the TV SiFi story "Babylon 5" when "Garibaldi" - the tough guy head of security - has to tell his password in order to reboot the computer : Garibaldi's password ? Peekaboo. As he says in the film "Who'd think of it?"
A chum of mine uses Letmein which is fun!
As for me, I find Hawaiian words useful.

A friend of mine used to have 'omerta' for a password!

> Use a different password for everything.

Yeah sure. It's bad enough now using one of my three four favourite passwords. I have a thing about deleting cookies (probably paranoid, I don't like them sending me things that I don't want) and once managed to delete a load of useful ones - it took me ages to order my shopping, stationery and read the New York Times online - I must have been through a bad patch. My trick is using a mixture of place names in a language known to Maverick and numbers that seem to make sense at the time - and there's the rub - I must have gone through a bad patch in word/letter combinations at some point.

Isn't there software around that can capture all keystrokes? I assume (and hope) that it cannot be used remotely. it wouldn't be too difficult to work the passwords out as they would usually follow some kind of ID.

re:it wouldn't be too difficult to work the passwords out as they would usually follow some kind of ID.


well that is one advantage of the newer windows OS's they require you to press 'cont +alt +del" (contol/alt/delete) to get to log in screen.. and since cont/alt/delete can not be done remotely, (the combo is used because it is in effect a hardware switch, not a software one) no one can get to your log in remotely..

and i try to have all my passwords saved, and run a good encryption software.. then they are a bit safer.. (not that i care if someone logs into the NY times under my name!(which they would have to figure out, plus my password.) memory palaces are best for multiple passwords, or use the same password, and change it every three months.. (that takes disipline.)

Merciful heavens, I cannot imagine why anyone would want anything I go to that requires a password. Geez.

<<<well that is one advantage of the newer windows OS's they require you to press 'cont +alt +del" (contol/alt/delete) to get to log in screen.. and since cont/alt/delete can not be done remotely, (the combo is used because it is in effect a hardware switch, not a software one) no one can get to your log in remotely..>>>


I always assumed it was done to irritate people who have an arm missing....

well that is one advantage of the newer windows OS's they require you to press 'cont +alt +del" (contol/alt/delete) to get to log in screen.. and since cont/alt/delete can not be done remotely, (the combo is used because it is in effect a hardware switch, not a software one) no one can get to your log in remotely..>>>


I always assumed it was done to irritate people who have an arm missing....

I can't speak for Windows XP, but at least in Windows 2000 Pro, it does not require one to use C-A-D to login. It offers it as an option, and strongly recommends that one use the option, but it definitely does not require it.

The Sunday NYTimes Magazine section had an article yesterday, about the dangers of wireless networks, and how for $40, with a Palm PDA you could hack many networks.

NYC has several parks set up as wireless networks. (Bryant Park, on 6th Ave, behind the main library is one) any one can sit in the park, and work online with laptop, but as the article makes clear, they do so at their own risk.

the guy found he could pick up wireless networks 2 blocks away with the software. the guy was a network security guy, and he was checking out a clients site, not hacking, but basicly, he had turned his hacking into a career opportunity-- by finding flaws in wireless network security, he could then sell solutions.

interesting reading...

ctrl/alt/delete = cad
OED says :"An unbooked passenger taken up by a coach driver for his own profit" also " a vulgar ill-bred person; a person guilty or capable of ungentlemanly behaviour; a blackguard!"

I cannot imagine why anyone would want anything I go to that requires a password

This is why I have a few "throwaway passwords" for things where my identity is not at real risk - like AWAD, or the NY Times. Then when I'm stumped and can't remember them, I only have to try three or four "standard" ones. Then I have some "decent" passwords which are nonsense strings (for which I've created mnemonics) that regularly get rotated for more private stuff (such as my Unix accounts at school, Hotmail, etc.).