Weak passwords | Change your password NOW if its in this list

Discussion in 'Security Discussion' started by Sythe, Jul 20, 2016.

Thread Status:
Not open for further replies.
Sign in to Post
Thread Tools

Thread Tools

  • Thread ID:
Weak passwords | Change your password NOW if its in this list
  1. Unread #1 - Jul 20, 2016 at 9:57 PM
  2. Sythe
    Joined:
    Apr 21, 2005
    Posts:
    8,071
    Referrals:
    465
    Sythe Gold:
    5,271
    Discord Unique ID:
    742989175824842802
    Discord Username:
    Sythe
    Dolan Duck Dolan Trump Supporting Business ???
    Poképedia
    Clefairy Jigglypuff
    Who did this to my freakin' car!
    Hell yeah boooi
    Tier 3 Prizebox Toast Wallet User
    I'm LAAAAAAAME Rust Player Mewtwo Mew Live Free or Die Poké Prizebox (42) Dat Boi

    Sythe Join our discord

    test
    Administrator Village Drunk

    Weak passwords | Change your password NOW if its in this list
    Here's a list of particularly weak passwords used by real sythe users at one point or another.

    If your password is in this list then change it immediately.

    1111
    11111
    111111
    11111111
    112233
    1212
    121212
    123123
    1234
    12345
    123456
    1234567
    12345678
    131313
    2000
    2112
    232323
    4321
    4444
    654321
    6666
    666666
    6969
    696969
    7777
    777777
    7777777
    8675309
    987654
    aaaa
    aaaaaa
    abc123
    access
    action
    albert
    alex
    alexis
    amanda
    andrea
    andrew
    angel
    angela
    angels
    animal
    anthony
    apollo
    apple
    apples
    arsenal
    arthur
    asdf
    asdfgh
    ashley
    asshole
    august
    austin
    baby
    badboy
    bailey
    banana
    barney
    baseball
    batman
    beach
    bear
    beaver
    bigcock
    bigdaddy
    bigdick
    bigdog
    bigtits
    bill
    billy
    bitch
    bitches
    biteme
    black
    blazer
    blonde
    blowjob
    blowme
    blue
    bond007
    bonnie
    booboo
    boobs
    booger
    boomer
    booty
    boston
    brandon
    brandy
    braves
    brazil
    brian
    bronco
    broncos
    buddy
    bulldog
    buster
    butter
    butthead
    calvin
    camaro
    cameron
    canada
    captain
    carlos
    carter
    casper
    charles
    charlie
    cheese
    chelsea
    chester
    chevy
    chicago
    chicken
    chris
    cocacola
    cock
    coffee
    college
    compaq
    computer
    cookie
    cool
    cooper
    corvette
    cowboy
    cowboys
    crystal
    cunt
    dakota
    dallas
    daniel
    danielle
    dave
    david
    debbie
    dennis
    diablo
    diamond
    dick
    doctor
    doggie
    dolphin
    dolphins
    donald
    dragon
    dreams
    driver
    eagle1
    eagles
    edward
    einstein
    enjoy
    enter
    eric
    extreme
    falcon
    fender
    ferrari
    fire
    firebird
    fish
    fishing
    florida
    flower
    football
    forever
    frank
    fred
    freddy
    freedom
    fuck
    fucked
    fucker
    fucking
    fuckme
    fuckyou
    gandalf
    gateway
    gators
    gemini
    george
    giants
    ginger
    golden
    golfer
    gordon
    great
    green
    gregory
    guitar
    gunner
    hammer
    hannah
    happy
    hardcore
    harley
    heather
    hello
    helpme
    hentai
    hockey
    hooters
    hotdog
    house
    hunter
    hunting
    iceman
    iloveyou
    internet
    jack
    jackie
    jackson
    jaguar
    jake
    james
    japan
    jasmine
    jason
    jasper
    jennifer
    jeremy
    jessica
    john
    johnny
    johnson
    jordan
    joseph
    joshua
    juice
    junior
    justin
    kelly
    kevin
    killer
    king
    kitty
    knight
    lakers
    lauren
    leather
    legend
    letmein
    little
    london
    love
    lover
    lovers
    lucky
    maddog
    madison
    maggie
    magic
    magnum
    marine
    mark
    marlboro
    martin
    marvin
    master
    matrix
    matt
    matthew
    maverick
    maxwell
    melissa
    member
    mercedes
    merlin
    michael
    michelle
    mickey
    midnight
    mike
    miller
    mine
    money
    monica
    monkey
    monster
    morgan
    mother
    mountain
    muffin
    murphy
    music
    mustang
    nascar
    nathan
    ncc1701
    newyork
    nicholas
    nicole
    nipple
    nipples
    oliver
    orange
    packers
    panther
    panties
    paris
    parker
    pass
    password
    patrick
    peaches
    peanut
    penis
    pepper
    peter
    phantom
    phoenix
    player
    please
    pookie
    porsche
    power
    prince
    princess
    private
    purple
    pussy
    qazwsx
    qwert
    qwerty
    qwertyui
    rabbit
    rachel
    racing
    raiders
    rainbow
    ranger
    rangers
    rebecca
    redskins
    redsox
    redwings
    richard
    robert
    rocket
    rosebud
    runner
    rush2112
    russia
    samantha
    sammy
    samson
    sandra
    saturn
    scooby
    scooter
    scorpio
    scorpion
    scott
    secret
    sexsex
    sexy
    shadow
    shannon
    shit
    sierra
    silver
    skippy
    slayer
    smith
    smokey
    snoopy
    soccer
    sophie
    spanky
    sparky
    spider
    star
    stars
    startrek
    starwars
    steelers
    steve
    steven
    stupid
    success
    suckit
    summer
    sunshine
    super
    superman
    surfer
    swimming
    sydney
    taylor
    tennis
    test
    tester
    testing
    theman
    thomas
    thunder
    thx1138
    tiffany
    tiger
    tigers
    tigger
    tits
    tomcat
    topgun
    toyota
    travis
    trouble
    trustno1
    tucker
    turtle
    united
    vagina
    victor
    victoria
    video
    viking
    viper
    voodoo
    voyager
    walter
    warrior
    welcome
    whatever
    william
    willie
    wilson
    winner
    winston
    winter
    wizard
    xxxx
    xxxxx
    xxxxxx
    xxxxxxxx
    yamaha
    yankees
    yellow
    young
    zxcvbn
    zxcvbnm
    zzzzzz
     
    Share
    ^ Sonia likes this.
  3. Unread #2 - Jul 21, 2016 at 9:39 AM
  4. Sonia
    Joined:
    Aug 7, 2012
    Posts:
    2,972
    Referrals:
    9
    Sythe Gold:
    3,514
    <3 n4n0 Two Factor Authentication User Community Participant Support Center Participant Writing Competition Winner In Memory of Jon Valentine's Day 2017 (2) Valentine's Day 2016 Pokémon Trainer Togepi
    Penguin

    Sonia A Beautiful Soul and a Heart of Gold. <3
    $200 USD Donor New

    Weak passwords | Change your password NOW if its in this list
    I find it rather stupid that anyone could be so simple minded to want to have passwords so simple.

    I mean I don't know, maybe these people were vaders and didn't care for their accounts? Or just really lazy people.
     
    Share
    ^ Wortel likes this.
  5. Unread #3 - Jul 22, 2016 at 1:41 AM
  6. PodolskiFTW
    Joined:
    May 8, 2016
    Posts:
    241
    Referrals:
    0
    Sythe Gold:
    273

    PodolskiFTW Active Member
    Banned

    Weak passwords | Change your password NOW if its in this list
    Don't think it was a good idea to put the list of passwords man. Before you know it, someone with a brute force hacker could be trying out those passwords one by one on every single sythe user.
     
    Share
  7. Unread #4 - Jul 22, 2016 at 3:09 AM
  8. Kronixx
    Joined:
    Apr 7, 2013
    Posts:
    2,242
    Referrals:
    1
    Sythe Gold:
    388
    Cook Sythe's 10th Anniversary Supporting Business Two Factor Authentication User

    Kronixx Grand Master
    $200 USD Donor New

    Weak passwords | Change your password NOW if its in this list
    It doesn't matter any password list will already include these. This information isn't anything new
     
    Share
    Last edited: Jul 22, 2016
  9. Unread #5 - Jul 22, 2016 at 5:45 AM
  10. Sythe
    Joined:
    Apr 21, 2005
    Posts:
    8,071
    Referrals:
    465
    Sythe Gold:
    5,271
    Discord Unique ID:
    742989175824842802
    Discord Username:
    Sythe
    Dolan Duck Dolan Trump Supporting Business ???
    Poképedia
    Clefairy Jigglypuff
    Who did this to my freakin' car!
    Hell yeah boooi
    Tier 3 Prizebox Toast Wallet User
    I'm LAAAAAAAME Rust Player Mewtwo Mew Live Free or Die Poké Prizebox (42) Dat Boi

    Sythe Join our discord

    test
    Administrator Village Drunk

    Weak passwords | Change your password NOW if its in this list
    Dictionary attack can't be run directly against the site due to incorrect password lockout. And as the above poster points out anyone can get a dictionary or a list of weak passwords like for example here: The Top 500 Worst Passwords of All Time
     
    Share
  11. Unread #6 - Jul 22, 2016 at 12:40 PM
  12. SuF
    Joined:
    Jan 21, 2007
    Posts:
    14,212
    Referrals:
    28
    Sythe Gold:
    1,234
    Discord Unique ID:
    203283096668340224
    <3 n4n0 Two Factor Authentication User Community Participant Spam Forum Participant Sythe's 10th Anniversary

    SuF Legend
    Pirate Retired Global Moderator

    Weak passwords | Change your password NOW if its in this list
    Are Sythe passwords stored in plain text if you've got a list of them?
     
    Share
  13. Unread #7 - Jul 22, 2016 at 2:38 PM
  14. Moes
    Joined:
    Sep 22, 2012
    Posts:
    3,872
    Referrals:
    9
    Sythe Gold:
    4
    Vouch Thread:
    Click Here
    Heidy Le Kingdoms Player <3 n4n0 Le Monkey In Memory of Jon Green eggs and spam Extreme Homosex MushyMuncher Potamus (2)
    Gohan has AIDS Lumpy Space Princess Pokémon Trainer Wait, do you not have an Archer rank?

    Moes Software engineer
    Retired Global Moderator You Shall Not Pass Dot Net Programmer

    Weak passwords | Change your password NOW if its in this list
    No. They're properly hashed.
     
    Share
  15. Unread #8 - Jul 22, 2016 at 2:58 PM
  16. RiskofSTDs
    Joined:
    Feb 24, 2011
    Posts:
    1,313
    Referrals:
    0
    Sythe Gold:
    42
    Discord Unique ID:
    178290617107873792
    Discord Username:
    Risko#0267
    Paper Trading Competition Participant Easter 2016 Poképedia

    RiskofSTDs Guru
    $25 USD Donor New

    Weak passwords | Change your password NOW if its in this list
    i'm glad to find out people still use "password" as a password. "sexsex" "pussy" and "tits" are my fav tho lmao
     
    Share
  17. Unread #9 - Jul 22, 2016 at 3:25 PM
  18. SuF
    Joined:
    Jan 21, 2007
    Posts:
    14,212
    Referrals:
    28
    Sythe Gold:
    1,234
    Discord Unique ID:
    203283096668340224
    <3 n4n0 Two Factor Authentication User Community Participant Spam Forum Participant Sythe's 10th Anniversary

    SuF Legend
    Pirate Retired Global Moderator

    Weak passwords | Change your password NOW if its in this list
    Then how did Sythe get a list of them? Are they not salted so he could just use a table lookup? Is there just one salt value for all the passwords and he brute forced his own table?
     
    Share
    ^ MoonGlare likes this.
  19. Unread #10 - Jul 22, 2016 at 4:38 PM
  20. MoonGlare
    Joined:
    Sep 26, 2011
    Posts:
    3,327
    Referrals:
    4
    Sythe Gold:
    616
    Discord Unique ID:
    257740424829992960
    Paper Trading Competition Participant In Memory of Jon Battleship Champion Heidy

    MoonGlare Veni. Vidi. Vici
    Graphics Artist Retired Sectional Moderator Competition Winner

    Weak passwords | Change your password NOW if its in this list
    This man asking the real questions...
     
    Share
    ^ Jeffo likes this.
  21. Unread #11 - Jul 22, 2016 at 4:59 PM
  22. Moes
    Joined:
    Sep 22, 2012
    Posts:
    3,872
    Referrals:
    9
    Sythe Gold:
    4
    Vouch Thread:
    Click Here
    Heidy Le Kingdoms Player <3 n4n0 Le Monkey In Memory of Jon Green eggs and spam Extreme Homosex MushyMuncher Potamus (2)
    Gohan has AIDS Lumpy Space Princess Pokémon Trainer Wait, do you not have an Archer rank?

    Moes Software engineer
    Retired Global Moderator You Shall Not Pass Dot Net Programmer

    Weak passwords | Change your password NOW if its in this list
    These passwords were retrieved from an old 2014 database. Vbulletin 3 uses md5 hashing with a unique salt for each password. Nowadays we use much better hashing techniques.
     
    Share
    Last edited: Jul 22, 2016
  23. Unread #12 - Jul 22, 2016 at 7:09 PM
  24. Sythe
    Joined:
    Apr 21, 2005
    Posts:
    8,071
    Referrals:
    465
    Sythe Gold:
    5,271
    Discord Unique ID:
    742989175824842802
    Discord Username:
    Sythe
    Dolan Duck Dolan Trump Supporting Business ???
    Poképedia
    Clefairy Jigglypuff
    Who did this to my freakin' car!
    Hell yeah boooi
    Tier 3 Prizebox Toast Wallet User
    I'm LAAAAAAAME Rust Player Mewtwo Mew Live Free or Die Poké Prizebox (42) Dat Boi

    Sythe Join our discord

    test
    Administrator Village Drunk

    Weak passwords | Change your password NOW if its in this list
    We have never stored passwords in plaintext.

    I had our resident security expert @Moes try to crack whatever hashes he could out of the 2014 data leak. The hashes for these passwords were weak enough to crack with a home computer in about 10 hours (because the underlying passwords are very weak.)

    A large number of other databases from related sites have been leaked over the last two years. Weak passwords are often correlated with similar or identical passwords used between sites.

    By posting a list of these weak passwords -- which competent hackers already have -- I hope to send a wake up call to anyone using weak passwords.

    Alway use different password on different sites
    Always use strong and long passwords
    Always use 2fa
     
    Share
    ^ Jeffo, Sonia and Moes like this.
    Last edited: Jul 22, 2016
  25. Unread #13 - Jul 22, 2016 at 9:57 PM
  26. SuF
    Joined:
    Jan 21, 2007
    Posts:
    14,212
    Referrals:
    28
    Sythe Gold:
    1,234
    Discord Unique ID:
    203283096668340224
    <3 n4n0 Two Factor Authentication User Community Participant Spam Forum Participant Sythe's 10th Anniversary

    SuF Legend
    Pirate Retired Global Moderator

    Weak passwords | Change your password NOW if its in this list
    Ah. MD5 explains quite a lot. Makes a lot of sense. Thanks!
     
    Share
  27. Unread #14 - Jul 23, 2016 at 10:06 AM
  28. wackywamba
    Joined:
    Jul 14, 2005
    Posts:
    1,358
    Referrals:
    0
    Sythe Gold:
    1

    wackywamba Guru

    Weak passwords | Change your password NOW if its in this list
    Perhaps it'd be worthwhile to mention that password managers are the proper way to address this - LastPass, KeePass, OnePass, etc. Generate yourself a 40 random character password and forget about it.
     
    Share
  29. Unread #15 - Jul 23, 2016 at 11:37 AM
  30. Moes
    Joined:
    Sep 22, 2012
    Posts:
    3,872
    Referrals:
    9
    Sythe Gold:
    4
    Vouch Thread:
    Click Here
    Heidy Le Kingdoms Player <3 n4n0 Le Monkey In Memory of Jon Green eggs and spam Extreme Homosex MushyMuncher Potamus (2)
    Gohan has AIDS Lumpy Space Princess Pokémon Trainer Wait, do you not have an Archer rank?

    Moes Software engineer
    Retired Global Moderator You Shall Not Pass Dot Net Programmer

    Weak passwords | Change your password NOW if its in this list
    Yeah. I use Keepass myself to store all my passwords.
     
    Share
    Last edited: Jul 23, 2016
  31. Unread #16 - Jul 23, 2016 at 9:24 PM
  32. Govind
    Joined:
    Apr 22, 2005
    Posts:
    7,825
    Referrals:
    13
    Sythe Gold:
    23
    Prove it! Trole Tier 1 Prizebox Tortoise Penis Le Monkey UWotM8? Wait, do you not have an Archer rank? Potamus

    Govind The One Musketeer
    Mudkips Highly Respected Retired Administrator

    Weak passwords | Change your password NOW if its in this list
    VB 3.6.whatever used MD5(CONCAT(MD5(pass), salt)) if I'm not mistaken; what does Xen use?
     
    Share
< [[Reward]] for any live exploits affecting Sythe | >

Users viewing this thread
1 guest
Thread Status:
Not open for further replies.


 
 
Adblock breaks this site