I've been so stupid to create a 22 character password that I can hardly remember and type wrong at least once before getting it right.

How do you select passwords ?

BlueZebra said:

I have one that is mispelled harder to crack

ZombieKitten said:

also harder to remember or does it grow on you ?

"10. 'thomas' (0.99‰)
First off, at number 10, is the most common format of passwords - the name. Thomas is a perennially popular name in the UK (2nd most popular in 2000), so it is perhaps no surprise that it makes the top 10, with nearly 1 in 1,000 people opting for this ubiquitous forename as their password.

We can only guess that there are a lot of fans of Thomas Jefferson or Thomas Edison out there! The high prevalence of Christian names only further reinforces the fact that loved ones are a common choice when it comes to passwords.

9. 'arsenal' (1.11‰)
Football teams tend to be another popular choice, and the gunners fall in 9th place. This may or may not be reflective of the fact that the word 'arsenal' starts with a 4-letter swear word - another popular choice when it comes to passwords.

Arsenal are ranked 6th overall in average attendance rankings, and are the 2nd most popular football-related password.

8. 'monkey' (1.33‰)
Quite why the monkey makes it into 8th place is beyond me, but the fact that it's a 6-letter word (6 letters is a typical minimum length for passwords), is easily typed and is memorable probably helps cement its position as ideal password material.

Still, it's quite worrying that there's such a trend - perhaps the internet and monkeys are inextricably linked?

7. 'charlie' (1.39‰)
Another name - nowhere near as common a name as No. 10, Thomas, but it's our most popular name-based password overall.

Could of course, be a homage to a number of famous Charlies - Chaplin, Sheen, or those of a Chocolate Factory persuasion. Or, of course, it could just be the case that they're referring to it's slang usage.

6. 'qwerty' (1.41‰)
I wonder where the inspiration for this one came from? Perhaps when faced with a blinking cursor and an instruction to choose a password people will tend to look to the things closest to them - which would explain why 1 in 700 people choose 'qwerty' as their password.

5. '123456' (1.63‰)
Can you count to 6? It's the most common minimum required length of password - and the 5th most common password.

4. 'letmein' (1.76‰)
A modern-day version of 'open sesame' - and 1 person in 560 will type 'letmein' as their password. Quite why is beyond me.

I could be mistaken, but I have a hunch that 'letmein' has been featured in a movie or TV series - Fox Mulder's password from the X Files - 'trustno1' - also ranked quite highly.

3. 'liverpool' (1.82‰)
The most popular football team by some margin, Liverpool was the third most popular password overall. Does this mean that 1 in 550 people is such a devout Liverpool fan that they would be willing to entrust private data to the team they love?

Liverpool ranked 3rd in the average attendance ratings - leaving the 2 most popular teams, Manchester United and Newcastle United, out of the top 10 list - perhaps because they're too long and difficult to type.

2. 'password' (3.780‰)
Akin to pressing the 'any' key, when told to enter a 'password', it would seem that users aren't the sharpest tool in the box - with almost 1 in 250 people choosing the word 'password'.

1. '123' (3.784‰)
With nearly 4 people in 1,000 opting for a simple numerical sequence as their password (it should be noted that there was no lower length limit specified), '123' must be the first thing a lot of people think of when asked to specify a password. One dreads to think what their PIN number might be!


Conclusion
The above figures mean that 1.8% of people use one of the above passwords - and 6.5% of people share a password from the top 100 list. Although the remaining 90+% have less common (or even unique) passwords, the trends towards simplistic and guessable show that the average user cares less about choosing a strong password and more about memorability. Or in some cases, their football team.

I won't go in-depth about how to make sure you have a strong password - there are plenty of guides out there - but the above list should certainly prove a useful guide as to what sort of password to avoid.

In a day when all our private data and banking information is stored behind simple secret words and phrases, it makes sense to narrow the probability of guesswork as slim as possible."
http://modernl.com/articl...-passwords

BlueZebra said:

muscle memory
my hands can type it without me even thinking

I used to work at a museum and we were required to create new alpha-numeric passwords every 90 days. I would usually just take the name of a current exhibition, substitue an @ for an 'a', a 0 for an 'o', and put a ! on the end for good measure.

DevotedPuppy said:

@ndywarh0l!

not bad !!!

nicknames

mine are all in portuguese.

Mine are a variation of the same idea.

Password is what?

MarySharon said:

exactly !

things i love

BlueZebra said:

I choose everyday words and replace some of the letters with numbers. 3 for e and stuff like that.
[Edited 3/24/09 7:52am]

missmad said:

prince isn't the greatest password ... now back in his symbol days, that was something else !

ZombieKitten said:

I was just thinking ...

why would (example) organizer be harder to crack than ogranizre ?

I have 26 to the 9th chance on both passwords

kimrachell said:

smart!

Shoot if I tell you how, then you can crack my code!

MoniGram said:

"Compreendo" is as difficult to crack as "Understood" ...

Always at least 1 uppercase
Always at least 2 numbers
Usually at least 1 non alphanumeric symbol
Always at least 8 digits long

one trick I use is song lyrics

From "the first cut is the deepest" :
When it comes to lovin' me, she's worst
But when it comes to being loved, she's first

W1c2Lm,sW.Bwic2bLsS1st!

you can type it to the beat of the song ... easy

mdiver said:

Why 8 digits ? (you know that's a rhetorical question ... but answer it please)

BlueZebra said:

Most people when trying to hack a password will try 4 then 5 and possibly 6. Plus 8 is often the default required length for many server logins so i have taken to that so i dont have to add digits to my usual one and end up forgetting them.

mdiver said:

the 8 character myth dates back to when MS was still using NTLM. It padded passwords not longer than 14 characters before computing the hash and it didn't salt the hash. Additionally it computed two hashes of the separate 7 bytes, hence a password of less than 8 characters would always yield the same hash for the second part.

Ok ... I'll stop now ... but you gotta check out "pass the hash" :p it's fun.

BlueZebra said: