
VERY good advice about your password. Originally sent on STaTus BBS, and reprinted here by permission of the author.

Message : 9359 [Open] 3-31-91 9:40am
From    : Murray Moffatt
To      : Jon Clarke (x)
Subject : #9344 hi
Sig(s)  : 1 (General)

Speaking of passwords, I think it's probably a good idea that someone should advise our new (and not so new) users on the art of picking passwords. Anybody volunteer? Speak now or forever hold your peace? No? Ok, I'll take it on myself to do this.

Your password is the only thing that stands between you and some nasty hacker-type person. Your username is common knowledge to everybody that uses the system, so you must keep your password secret. This means not telling people, or lending it to people, or writing it down and sticking it to your screen, or anything like that.

It also means that you must choose your password carefully. Recent experiments have shown that 25% of people choose passwords that can easily be hacked. The method that is most often used to hack a password is called the 'dictionary hack'. The hacker gets a dictionary and goes through it trying each word as the password. Of course he doesn't do this by hand, he writes a little prog to do it, and the dictionary is a file of words. So, if you use a word that is found in the dictionary, you'll be found out. Just stop for a second and think if any of your passwords are words that are found in the dictionary?

So, how do you combat this? Simple, don't choose words from the dictionary! But at the same time it's not a good idea to use dates, number plates, phone numbers, etc. The best way is to make up words. Simply string two or more words together to form a new word. For example, BLADE and RUNNER may be in the dictionary, but I'll bet that BLADERUNNER or BLADE-RUNNER or BLADE.RUNNER isn't! You can also use the initial letters from words of a phrase. For example, Three Blind Mice Ran Up The Clock would translate to a password of TBMRUTC. Looks like a nonsense word, doesn't it? But it means something to you, you just have to remember the phrase.

Also, remember not to use the same password on different systems. I know that this is a hard thing not to do, but try to have different passwords on each board you use. And change the passwords regularly. Where I work all the passwords expire after 30 days, and you're forced to enter a new one. Some systems, like IBM systems, remember the last 5 or so passwords that you've used, and won't let you re-use them. They also force you to have at least one digit in the password and other things as well.

Oh, and one last thing. There are a whole lot of commonly used passwords. These passwords are used so often by people, that the hacker will always try these first.

Here's a list that I grabbed off Usenet that someone posted of the most commonly used passwords:

alt/security/ 369
From: jsax@cdp.UUCP
Subject: Re: OVERUSED PASSWORDS
Date: 9 Jan 91 05:08:00 GMT
Nf-ID: #R:cdp:1159900002:cdp:1159900003:000:6649
Nf-From: cdp.UUCP!jsax Jan 8 21:08:00 1991

Taken from

            'A Novice's Guide to Hacking- 1989 Edition'
                                 by
                          The Mentor LOD/H

Password List

                            =============

    aaa                daniel             jester             rascal
    academia           danny              johnny             really
    ada                dave               joseph             rebecca
    adrian             deb                joshua             remote
    aerobics           debbie             judith             rick
    airplane           deborah            juggle             reagan
    albany             december           julia              robot
    albatross          desperate          kathleen           robotics
    albert             develop            kermit             rolex
    alex               diet               kernel             ronald
    alexander          digital            knight             rosebud
    algebra            discovery          lambda             rosemary
    alias              disney             larry              roses
    alpha              dog                lazarus            ruben
    alphabet           drought            lee                rules
    ama                duncan             leroy              ruth
    amy                easy               lewis              sal
    analog             eatme              light              saxon
    anchor             edges              lisa               scheme
    andy               edwin              louis              scott
    andrea             egghead            lynne              scotty
    animal             eileen             mac                secret
    answer             einstein           macintosh          sensor
    anything           elephant           mack               serenity
    arrow              elizabeth          maggot             sex
    arthur             ellen              magic              shark
    asshole            emerald            malcolm            sharon
    athena             engine             mark               shit
    atmosphere         engineer           markus             shiva
    bacchus            enterprise         marty              shuttle
    badass             enzyme             marvin             simon
    bailey             euclid             master             simple
    banana             evelyn             maurice            singer
    bandit             extension          merlin             single
    banks              fairway            mets               smile
    bass               felicia            michael            smiles
    batman             fender             michelle           smooch
    beauty             fermat             mike               smother
    beaver             finite             minimum            snatch
    beethoven          flower             minsky             snoopy
    beloved            foolproof          mogul              soap
    benz               football           moose              socrates
    beowulf            format             mozart             spit
    berkeley           forsythe           nancy              spring
    berlin             fourier            napoleon           subway
    beta               fred               network            success
    beverly            friend             newton             summer
    bob                frighten           next               super
    brenda             fun                olivia             support
    brian              gabriel            oracle             surfer
    bridget            garfield           orca               suzanne
    broadway           gauss              orwell             tangerine
    bumbling           george             osiris             tape
    cardinal           gertrude           outlaw             target
    carmen             gibson             oxford             taylor
    carolina           ginger             pacific            telephone
    caroline           gnu                painless           temptation
    castle             golf               pam                tiger
    cat                golfer             paper              toggle
    celtics            gorgeous           password           tomato
    change             graham             pat                toyota
    charles            gryphon            patricia           trivial
    charming           guest              penguin            unhappy
    charon             guitar             pete               unicorn
    chester            hacker             peter              unknown
    cigar              harmony            philip             urchin
    classic            harold             phoenix            utility
    coffee             harvey             pierre             vicky
    coke               heinlein           pizza              virginia
    collins            hello              plover             warren
    comrade            help               polynomial         water
    computer           herbert            praise             weenie
    condo              honey              prelude            whatnot
    condom             horse              prince             whitney
    cookie             imperial           protect            will
    cooper             include            pumpkin            william
    create             ingres             puppet             willie
    creation           innocuous          rabbit             winston
    creator            irishman           rachmaninoff       wizard
    cretin             isis               rainbow            wombat
    daemon             japan              raindrop           yosemite
    dancer             jessica            random             zap

----snip-----snip-----------

The Internet Worm used a lot of the above passwords in its first password pass. After that it just used the dictionary, etc.

It'd really be worth it to check this list when people change passwords. That plus 1-2 month password expire is good security.

It's amazing how many people use SECRET or MODEM for their password. Not to mention using their first name..

Jon "God hates me."

       vector0!jon@sactoh0.SAC.CA.US     "Hate 'im back, works for me."
 ...ames!pacbell!sactoh0!vector0!jon

alt/security/ 372
From: shipley@remarque.berkeley.edu (Pete Shipley)
Subject: Re: OVERUSED PASSWORDS
Date: 10 Jan 91 01:58:06 GMT
Organization: Processed People for a Processed America

In article <1159900002@cdp> jsax@cdp.UUCP writes:


> I received this from a respondent to my article on alt.security
> recently. Is your password on the list? (Tell me! Tell me!)
>
> These are passwords that were used by the Internet worm, and
> are included in COPS.
>
> aaa

A person would be crazy to admit their password is on that list, because you will be able to crack that person's account in less than two minutes using telnet.

Note that list is used by everyone, it is effective on non-educated users but since every password checker written in the last five years has this list (or the list the internet worm was built from) it is not as useful as it once was for password cracking. I suggest acquiring a list of female names, I have had the most success with those lists.

My 8mm tape collection used a list of common last names, female names, male names, the worm list, /usr/dict/words (from SunOS 4.1) and the word list from Webster's 7th Collegiate Dictionary, plus a list I put together (contains default password some OS's come with).

-Pete

Pete Shipley: email: shipley@berkeley.edu Flames: cimarron@postgres.berkeley.edu

     uunet!lurnix!shipley or ucbvax!shipley or apple!nli!{root,shipley}

Spelling corections: /dev/null Quote: "Anger is an energy"

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 
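
The check suggested in the messages above (compare a new password against the common list when it is changed), together with the "at least one digit" and "last 5 passwords" rules they mention, as an added example that is not part of the original posts. The function names, the PBKDF2 parameters and the shortened sample list are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a handful of entries from the list quoted on this page.
COMMON = {"aaa", "secret", "password", "wizard", "guest", "hacker"}
HISTORY_DEPTH = 5  # "remember the last 5 or so passwords"


def _hash(password, salt):
    # Salted, slow hash so the stored history is not itself a password list.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(history, password):
    """Append a salted hash and keep only the newest HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    history.append((salt, _hash(password, salt)))
    del history[:-HISTORY_DEPTH]


def check_new_password(username, password, history, common=COMMON):
    """Return the reasons to reject a new password; an empty list means accept."""
    reasons = []
    folded = password.casefold()
    # Drop digits and punctuation so 'Secret1' still matches 'secret'.
    core = "".join(ch for ch in folded if ch.isalpha())
    if folded in common or core in common:
        reasons.append("on common-password list")
    if core == username.casefold():
        reasons.append("matches username")
    if not any(ch.isdigit() for ch in password):
        reasons.append("needs at least one digit")
    # Re-hash the candidate with each stored salt; compare in constant time.
    if any(hmac.compare_digest(_hash(password, salt), digest)
           for salt, digest in history):
        reasons.append("reused a recent password")
    return reasons


if __name__ == "__main__":
    past = []
    remember(past, "Tbmrutc1")
    for candidate in ("SECRET", "Secret1", "Tbmrutc1", "Tbmrutc2"):
        print(candidate, check_new_password("murray", candidate, past))
```
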

/data/webs/external/dokuwiki/data/pages/archive/computers/password.txt · Last modified: 1999/08/01 17:51 by 127.0.0.1
