https://xato.net/passwords/more-top-worst-passwords/
A look at the list above may reveal that you use one of the 10 000 commonly used and easily cracked passwords to secure your accounts, such as a bank account.
Moreover, a simple app such as John the Ripper can crack such passwords in less than a second.
For further reading about passwords:
https://nakedsecurity.sophos.com/2015/0 ... th-meters/
passwords
A Glimpse Into the World of Internet Password Dumps
https://xato.net/passwords/understandin ... ord-dumps/
The hard fact is: passwords are by no means a secure enough tool to protect ourselves against hackers. Some steps are taken to enhance security, such as Google with 2-step verification. It will become common practice in the years to come, especially to secure sensitive accounts, such as bank accounts, and other financial services. If implementation is so slow, it is because people are unaware of the extent of the problem, and people are not yet demanding more security against hackers, and, by the way, some nations are against more security, if it means encrypting communications on a large scale. More data breaches will have to occur before this problem is taken seriously. In the meantime, class actions may pressure governments and private corporations to be more pro-active, because damages are done to individuals when personal data are stolen from corporate servers. Corporations are responsible for securing their data. It's not the other way around: users responsible for securing their personal data on corporate servers.
There are also hundreds of thousands of web sites that share hacked passwords for gaming, video, porn, and file sharing sites. These don’t always produce the best quality passwords, but I do have scripts to scrape a number of these sites. In a single day those scripts can produce well over a million passwords.
If you were shocked by my releasing password data, take an hour exploring the internet and you will see that 10 million passwords really is a drop in a bucket, even a drop in a thousand buckets. Keep in mind that a big part of the effort in producing my data was getting it all the way down to 10 million in a balanced manner (I couldn’t just remove millions from the end of the file). It took me about three weeks to whittle down and then sanitize the data.
What I have shown here is only a small number of sources available out there. Most of the forums listed above provide “VIP