Delphi 2010 Handbook




Delphi 2009 Handbook




Delphi 2007 Handbook




Essential Pascal




social web book








January 26, 2010

123456 for Password

I couldn't resist posting about this mythical password, after an informal research shows it is heavily in use.

I think this is not a terribly technical post but I couldn't resist posting about this mythical password ("123456") and its variations, after an informal research shows it is heavily in use.

The first time this great password was made popular was during the following dialog in the Space Balls film, at the point the "bad guys" are stealing the fresh air of planet Druidia and have been given the secret password:

Dark Helmet:  All right, give to me.
Roland: The combination is (hesitates) one.
Dark Helmet:  One.
Colonel Sandurz: One. (writes)

Roland: Two.
Dark Helmet:  Two.
Colonel Sandurz: Two. (writes)

Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three (writes)

Roland:  Four.
Dark Helmet: Four.
Colonel Sandurz: Four. (writes)

Roland: (hesitates) Five.
Dark Helmet:  Five.
Colonel Sandurz: Five. (writes)

Dark Helmet: So the combination is one, two, three, four, five. (lifts mask) That's the stupidest combination I've ever heard in my life. That's the kinda thing an idiot would have on his luggage.

...

President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.

President Skroob: Prepare Spaceball 1 for immediate departure!
Dark Helmet: Yes, sir!
President Skroob: And change the combination on my luggage!

That combination is not used just in luggage, if it is true as reported by an analysis (reported in the following PDF by Imperva) of the password used at the site rockyou.com (not a high secutiry site in user's mind, for sure) the top passwords are 123456, followed by 12345, the numbers to 9, to 7 and to 8 (in the order). Some 13,000+ smart users went for 654321! Great move, compared to the 500,000+ of the previous combinations.

I'm also intrigued by a few more groups of tens of thousands of users who picked "Password" as password or "rockyou" (the site name). There were also 13,000+ lazy typist who used "qwerty" the sequence of letters on their keyboards, right below 123456.

I know you've probably seens worse password stories among your users, if anyone is willing to share they are welcome!

 

posted by marcocantu @ 4:58PM | 12 Comments [0 Pending]




 

12 Comments

123456 for Password  

 Hi Marco, a common practice that I've seen is the 
use of an user named admin and the password admin ...
a lote of programs do that !

Regards,
Diego Garcia
Comment by Diego Garcia [http://unitonedev.blogspot.com] on January 26, 17:13

123456 for Password  

Hi friends!
I've seen a lot of times login user="test" and 
password="test" too.

Best regards from Hawaii.
The Paradise Islands.
Comment by Paulo Oliwa on January 26, 17:27

123456 for Password  

123456 bet at 6/49 loto has 1 chance over 13000000+ to
win. That is pretty small! :0
Comment by richardp on January 26, 17:37

123456 for Password  

If I knew or suspected a site would store my password
in readable form somewhere, I'd use (something like)
123456 too.
I am more baffled by a million+ user site doing this,
than I am by the silly passwords.
Comment by Maarten on January 26, 18:07

123456 for Password  

Last week somebody sent me a password for a public
website I needed to log into. The password was "secret".

About websites storing readable passwords:
The Embarcadero Delphi Developers Network is one of
the websites that stores its passwords in an insecure
way. If you click "Email My Password" on the log in page:

https://members.embarcadero.com/login.aspx

It will actually email you your password. I was
stunned when I found that out years ago.
Comment by Jan Derk on January 26, 19:09

123456 for Password  

Every 100th icq number (what has 9 digits) has a such 
password, really. Here is a joke, a person logins 
into a icq number with such a password, but one digit 
is wrong by mistake, and login is successful :)
Comment by crystalbit [http://parsers.info] on January 26, 20:21

123456 for Password  

Hi, Marco,

Is your Delphi 2010 handbook ready? :)
Comment by Jeff on January 26, 21:37

2010 Handbook  

Almost ready. It is a matter of days, plus the 
production time (a couple of weeks).
Comment by Marco Cantu [http://www.marcocantu.com] on January 26, 23:30

123456 for Password  

 damn! Now I have to change all my servers password,
Nice move Marco. NICE
Comment by Felipe on January 27, 01:35

123456 for Password  

 adsf and asdf are quite popular, too. Followed
closely by qwert
Comment by Delfi Phan on January 27, 21:03

123456 for Password  

I had problem with user using their own username as 
domain passwords... and username were easy 
predictable. When I put a restriction many of them 
just added the month to the username. Had to work on 
more and more complex password complexity 
requirements.
Comment by Luigi D. Sandon on January 28, 19:27

123456 for Password  

 Don't forget that most users are instructed how 
important it is that there password be kept 'SECRET'!
Comment by on February 7, 08:52


Post Your Comment

Click here for posting your feedback to this blog.

There are currently 0 pending (unapproved) messages.