I remember running a security audit against one of our domains when I was in the military. We ran some utilities against the domain controllers and put together a list of the users’ passwords, and then used them in a presentation about security for the users. They were shocked when we put up the list. Here’s a list of 500 of the most common passwords (*Caution, some of these are obscene*). If you see any of your passwords here, change them immediately. They’re well known, and hackers start with this list. If you didn’t see your password on the list and would like to check a password, try this password checker.





Eddie wrote,
Oh man, I have to change my password now… Wow.
Link | February 20th, 2009 at 10:23 pm
Maximillian Hill wrote,
Although it’s safe in this case, it’d suck if the password checker logged your passwords and used a cookie exploit to guess which websites to try your password on. I wouldn’t go putting my password in on a random site.
Link | March 27th, 2009 at 7:37 am
Cliff wrote,
Excellent point, Maximillian; probably be better still to check one password and use another, i.e. check the strength for a 10-character password using an uppercase, lowercase, number and special character, then develop your own unique version for actual use. I’ve had pretty good luck with Roboform, which can generate and remember them for you. The free version lets you keep up to ten passwords; the pro version is unlimited. Given we maintain several hundred passwords, most of which are changed every 90 days or less, it’s pretty handy.
Link | March 27th, 2009 at 11:14 am
Mark wrote,
Thanks, I changed my passwords too!
Link | June 11th, 2009 at 1:29 pm