I remember running a security audit against one of our domains when I was in the military. We ran some utilities against the domain controllers and put together a list of the users’ passwords, and then used them in a presentation about security for the users. They were shocked when we put up the list. Here’s a list of 500 of the most common passwords (*Caution, some of these are obscene*). If you see any of your passwords here, change them immediately. They’re well known, and the hackers start with this list. If you didn’t see your password on the list and would like to check a password, try this password checker.
Password Strength Checker

{ 4 comments… read them below or add one }
Oh man, I have to change my password now… Wow.
Although it’s safe in this case, it’d suck if the password checker logged your passwords and used a cookie exploit to guess which websites to try your password on. I wouldn’t go putting my password in on a random site.
Excellent point, Maximillian. It would probably be better still to check one password and use another, i.e. check the strength for a 10-character password using an uppercase, lowercase, number and special character, then develop your own unique version for actual use. I’ve had pretty good luck with Roboform, which can generate and remember them for you. The free version lets you keep up to ten passwords; the pro version is unlimited. Given we maintain several hundred passwords, most of which are changed every 90 days or less, it’s pretty handy.
Thanks, I changed my passwords too!