It is a hacker’s dream. Even in the face of repeated warnings to protect online accounts, a new study reveals that “admin” is the most commonly used password in the UK.
The second most popular, “123456”, is also unlikely to keep hackers at bay.
It’s not just a problem here – Australians, Americans and Germans also use “admin” more than any other password when accessing websites, apps and logging in to their computers. Around the world, “123456” emerges as the most popular.
Picked up a keyboard at the thrift with a pink sticky note on the bottom:
user:adminpass:passwordYes, someone had to write that down.
Correct Horse Battery Staple
Luckily for me my password is ******
Edit: weird lemmy automatically replaced my password with ‘*’
The second most popular, “123456”, is also unlikely to keep hackers at bay.
That’s what I use on my luggage
6 digits for luggage?
12345 was made popular by a documentary several years ago. So I updated my luggage.
/s
It’s a reference to Spaceballs if you were out of the loop.
I was out of the loop, thanks for the clarification.
I’ve “hacked” web apps by logging in with “user - password” or something equally inane.
But, my long-time sole password of TrustNo1 should be good right??
Invent your own hashing algorithm. It’s easy, fool-proof, secure, and reusable without compromising security.
Here’s a few examples: ebay.com password is moc.y4b3-saltyboi69 lemmy.world password is dlr0w.ymm3l-saltyboi69
(These aren’t real btw)
people writing password crackers are smarter than that dude
Most compromised passwords are used by script kiddies in mass attacks, not targeted attacks by elite hacking squads. If a password fails verbatim, they just move on to the next compromised account of millions, not develop pattern recognition software to try to figure out replacement candidates for each website.
Association attacks exist in the wild.
Let’s say that this is their ebay account. In that case the reward for unlocking each account is very high, so attackers (even in mass attacks) have incentive to put in more work as long as the work cost per account hacked is less than the average reward and there is a net profit.
I assume in this day and age it’s probably also viable to use LLMs for password guessing, as long as it’s for a high value account. That unlocks a whole another can of worms and if it was me I’d never use low entropy passwords like “moc.y4b3-saltyboi69”
Perhaps this kind of password is viable if it’s for an online service that implements rate limiting, but you also have to consider the case that a site gets hacked and their encrypted database (encrypted by each user’s password) makes it onto the web. This has happened a lot recently and makes it ridiculously easy for people to throw their GPUs at the task.
You sound pretty unqualified to judge smartness.
