The Passwords Most Used By CEOs Are Startlingly Dumb (pcgamer.com)
A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be, considering the strength of their chosen account passwords. PC Gamer reports: The research comes from NordPass password manager which identified back in 2020 that the general public's most commonly used passwords were sequential numbers like '123456', 'picture1', and yep, you guessed it: 'password'. The more recent research sample consists of 290 million cybersecurity data breaches around the globe, and denotes the job level of those affected. Turns out, when it comes to CEOs and other high-ranking business execs, their password choices are much the same as the general public, although many often feature names. Tiffany was spotted in 100,534 breaches; then there was Charlie with 33,699; Michael was found 10,647 times; and Jordan, 10,472 times.
The report also ranks mythical creatures and animals as some of the top passwords to have been cracked in data breaches. 'Dragon' was spotted 11,926 times, and 'monkey' comes in at 11,675. I spoke to IT support engineer Ash Smith, who recommends that companies should consider handing out randomly generated passwords as new accounts are created. "Arguably the strongest passwords are 3 random words, something that you can make a story about in your head to help you remember," he says.
CEOs are generally not security experts (Score:2)
So they count as normal people here, possibly with inflated egos in quite a few cases. Hence, what is the story?
Re:CEOs are generally not security experts (Score:5, Insightful)
So they count as normal people here, possibly with inflated egos in quite a few cases. Hence, what is the story?
Perhaps the story should be why we pay those "normal" idiots 300x more than the average worker, since they're so damn good at leading by moronic example.
Re: (Score:2)
Well, I have been wondering that for a long, long time. I hear the job completely sucks though, unless you are a psycho. Probably the reason why so many psychos are in the CEO slot.
Re: (Score:2)
CEOs aren't paid because they're smart. They're paid because they take risks (explains the password choice).
BTW, I can't tell you how many times I've seen "smart" people use the password NCC-1701... it's like a plague.
Re: CEOs are generally not security experts (Score:2)
Joke's on you, mine is APP-6256
Re:CEOs are generally not security experts (Score:5, Insightful)
What is stopping you?
ceo "nature" demands some psychotic traits i do not have. i have others.
Why are you just impotently complaining on Slashdot?
instead of ... being a ceo? :-P
ceo: person who abstains from using slashdot. because he/she/it is the paradigm of success or some bullshit.
a funny world you imagined there!
Re: CEOs are generally not security experts (Score:1)
"What is stopping you?"
> ceo "nature" demands some psychotic traits i do not have. i have others.
> instead of ... being a ceo? :-P
ceo: person who abstains from using slashdot. because he/she/it is the paradigm of success or some bullshit.
a funny world you imagined there!
I know that CEOs should be here, at least reading slashdot, if not commenting and maybe even learning something.
Just my 7 cents (inflation)..
Re:CEOs are generally not security experts (Score:5, Insightful)
So why aren't you a CEO? Surely you can outthink these bozos and beat one of them into some high paying position.
Already answered accurately, but I'll just re-confirm it. It takes a touch of psychopath to be a good CEO. Some, have got what it takes. Most, can't stomach it. Doesn't mean the CEO is any less of an average moron. They'll convince themselves that the Chief Scapegoat Officer's dick laying on the chopping block, solved all the problems from the cyberattack created by said CEO.
And then they'll sit back and do it again. Company might go out of business this time around. Like the one with the golden parachute gives a flying fuck.
Yup. That ignorant. All day, every day. Maybe we should stop wondering why we have such shitty leaders in the US when the constituency works for, and votes for that stupidity.
Re: (Score:2)
>So why aren't you a CEO?
When engineers make it to be CEO, they usually turn out to be effective. Think the original HP leaders, or Tesla, or Intel in the Moore/Grove days.
The trouble is trying to fight your way up there amongst the corporate politicians who are way better at it than you.
So engineer CEOs are usually around at or near the start of the company. The company succeeds, then they get replaced by people with only a passing knowledge of the technology but brimming with 'leadership' qualities th
Re: (Score:3)
So why aren't you a CEO? Surely you can outthink these bozos and beat one of them into some high paying position
Because I wasn't the son of a rich landowner who introduced me into the old boys club when he paid for me to take a place I wasn't qualified for at Eton college where I did a media studies degree (basically faffed about for 4 years) before daddy got me a cushy job to write nonsense in the Maily Snail until a junior management position opened up and I could spend all day playing golf safely protected from my incompetent decisions.
I was born poor and without family connections, you know... actually had to
Re: (Score:2)
I'm not a security expert by any stretch of the imagination. I know just enough - mostly theory rather than practical application - to possibly convince some idiot that I could secure their computer or maybe even their whole network.
I'd tell them to do everything all the pop-culture tech people to do and try to sound really smart while I did so because I was preparing to send them a huge consulting bill. That would probably save them money in the long run.
I figured out a long time ago that my passwords were
What's wrong with (Score:1)
..."picture1"?
Not great, but not super-obvious either. I agree "picture" is a common word, but so is "common" and "word".
Re: (Score:3)
It's a mere 8 characters, only one word and one digit. No mixed case or symbols either. So, its complexity is quite low, making it easy for automated guessing algorithms to guess and very easy for rainbow table [wikipedia.org] attacks.
In finding a balance between password strength and usability, go for long passwords with multiple words and throw in a few numbers and symbols. Even if you do upper casing on each word, which doesn't strengthen it very much against guessing, it still helps against rainbow table attacks.
"O
Re: (Score:1)
> "OnePictureOf42&You" would be a much stronger password, and it is quite easy to memorize.
I'd definitely screw that up on a Monday. I'm not very good at typing without visual feedback.
Re: (Score:1)
Please stop publishing my password. I've been using it for decades on all my accounts and it's worked fine so I see no need to change it.
Re: (Score:2)
If people really want to see how it goes, then just create a hash of that password, then set jacktheripper or similar tools against it and anyone can see that word + number is one of the first few patterns and this gets cracked very, very quickly.
Honestly, a lot of the password advice didn't click for me until I saw how the tools used to break password hashes worked. Now I choose things that are higher entropy and less likely to be among their patterns or otherwise short enough to crack.
Re: (Score:2)
"OnePictureOf42&You" would be a much stronger password, and it is quite easy to memorize.
Correct horse!
Re: (Score:2)
Battery Staple!
WORDS ARE BAD (Score:2)
An educated person might have a 20k vocab; I bet you that the average person doesn't choose from that large of a vocab. You could force 1 non-ascii unicode character and in theory blow up the search space far more but people will pick from just a few unicode characters... password+emoji like they did with password+ number = password1
Users are not security experts. Humans are not random even when they try to be they are not perfectly random.
Easier use of keychains... forget this annoying error prone 2 fac
Management! (Score:5, Interesting)
Most of the time, management do enforce strong passwords, change once a month, no repeating, etc to everyone... yet they are always excluded from those rules, because they are "too important" to be bothered with those things
Re:Management! (Score:5, Insightful)
So, in violation of NIST guidelines [nist.gov] ("Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically)."). Because, remembering a new "strong" password every month is hard, and only causes people to write it on a sticky note under the keyboard.
Re: (Score:2)
Totally agree... yet I see many companies that IT directors do that... no wonder that people write their password in post-it or create simple rule based password (like the month name and the calendar picture)
Enforcing a too short password change results in worse protection... but those IT directors are the same that create those rules to exclude themself and management exclusion from those rules
Re: (Score:2)
I had an account once at a place I didn't really want to have an account. They instituted a stupid monthly password change policy. I sent them a paper on monthly changes decreasing security, but no dice.
My first password was "this is stupid." A month later it became "this is fucking stupid." I got pretty creative until I finally ran out of profanity and they finally agreed to delete the account.
Re: (Score:2)
Actually, it's worse than that - it results in people picking less difficult to remember passwords of lower difficulty to remember. Like instead of some long phrase or other thing, they may use the month and year (numbers, letters (capitals and lower case, if needed)) and maybe a period or something to add your symbol.
Or they just make it an incrementing one, like Password1
Re:Management! (Score:5, Insightful)
When any security manager is hired onto a company, they should not consider taking the job until a specific question is answered.
(Security Manager to CEO) "Do I maintain the authority to tell even you 'No', if prudent to maintain proper security?"
If a CEO has to question or think about giving a Subject Matter Expert they hired anything less than 100% support when absolutely justified, then understand they're looking for a Chief Scapegoat Officer.
Proceed carefully. It sure as hell won't be anyone else's dick on the chopping block when the shit hits the ransomfan.
Re: (Score:2)
When any security manager is hired onto a company, they should not consider taking the job until a specific question is answered.
(Security Manager to CEO) "Do I maintain the authority to tell even you 'No', if prudent to maintain proper security?"
If a CEO has to question or think about giving a Subject Matter Expert they hired anything less than 100% support when absolutely justified, then understand they're looking for a Chief Scapegoat Officer.
Proceed carefully. It sure as hell won't be anyone else's dick on the chopping block when the shit hits the ransomfan.
I suspect you'd have a lot of trouble getting CEO's to answer yes to that question, at least not without them rephrasing.
Letting the Security Manager do their job, including telling the CEO 'No', is one thing. But I'm not sure anyone has the authority to tell the CEO to do anything.
Re: (Score:3)
Letting the Security Manager do their job, including telling the CEO 'No', is one thing. But I'm not sure anyone has the authority to tell the CEO to do anything.
(Security Manager to CEO) "So, you're going to tell the hacker holding your data hostage who has the 'authority' here? Hang on a minute, I need to make popcorn. Yeah, it's kind of a tradition now."
And if you truly think no one holds the authority to tell a CEO 'No', then I wonder why Boards exist. CEOs do get fired. That is a thing.
Re: (Score:2)
Letting the Security Manager do their job, including telling the CEO 'No', is one thing. But I'm not sure anyone has the authority to tell the CEO to do anything.
(Security Manager to CEO) "So, you're going to tell the hacker holding your data hostage who has the 'authority' here? Hang on a minute, I need to make popcorn. Yeah, it's kind of a tradition now."
And if you truly think no one holds the authority to tell a CEO 'No', then I wonder why Boards exist. CEOs do get fired. That is a thing.
They have the power to fire the CEO, and I think the Chair of the board might actually have authority over them, but I doubt any employee has authority over the CEO.
I'm not saying the CEO shouldn't listen to the security manager and rigorously follow their recommendations, but asking for authority over the CEO isn't going to happen.
Let's put it another way, if you think the CEO is so incompetent that they won't take good and necessary advice from employees then you shouldn't take a senior position in that or
Re: (Score:2)
Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.
What a good Security Officer is actually asking here, is for the CEO to lead by example. For ironically every reason you've cited regarding their ultimate power and authority over the company. If a CEO asks for an unjustified exception, then they may not really respect the ve
Re: (Score:2)
Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.
Sure, but that doesn't mean those individuals have authority over the CEO.
What a good Security Officer is actually asking here, is for the CEO to lead by example.
Agreed. But by asking for authority you were turning it into a pissing contest where the Security Officer/Manager is asking to be the boss in certain circumstances.
A good CEO should hire good people and take their advice. It shouldn't matter if the Security person has "authority" because the CEO should be following good advice when given.
And yes, there's probably circumstances where enduring a short term security risk is a necessary g
Re: (Score:2)
Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.
Sure, but that doesn't mean those individuals have authority over the CEO.
Third party audits are in fact third party for a very specific reason; so a CEO or anyone else being audited cannot create or enforce undue pressure and/or authority over said third party, for the purposes of hiding or obscuring shitty security practice.
Yes, from criminal to civil violations, many have authority over a CEO. A CEO cannot openly and blatantly commit a crime and then whip out their business card in defense. It's a business title, not a get-out-of-jail-free card.
What a good Security Officer is actually asking here, is for the CEO to lead by example.
Agreed. But by asking for authority you were turning it into a pissing contest where the Security Officer/Manager is asking to be the boss in certain circumstances.
A good CEO should hire good people and take their advice. It shouldn't matter if the Security person has "authority" because the CEO should be following good advice when given.
Yes, they should be following
Re: (Score:2)
Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.
Sure, but that doesn't mean those individuals have authority over the CEO.
Third party audits are in fact third party for a very specific reason; so a CEO or anyone else being audited cannot create or enforce undue pressure and/or authority over said third party, for the purposes of hiding or obscuring shitty security practice.
Yes, from criminal to civil violations, many have authority over a CEO. A CEO cannot openly and blatantly commit a crime and then whip out their business card in defense. It's a business title, not a get-out-of-jail-free card.
Of course a CEO is still subject to laws. Though for 3rd party audits while the CEO doesn't have authority over the 3rd party (they work for another organization!!) I don't think the 3rd party has authority inside the company except the authority that has been granted them by the company (ultimately the CEO). If the auditor wants to see something they ask, if the request is denied without good cause then that shows up very poorly in the auditors report.
What a good Security Officer is actually asking here, is for the CEO to lead by example.
Agreed. But by asking for authority you were turning it into a pissing contest where the Security Officer/Manager is asking to be the boss in certain circumstances.
A good CEO should hire good people and take their advice. It shouldn't matter if the Security person has "authority" because the CEO should be following good advice when given.
Yes, they should be following advice. And sometimes th
Re: (Score:2)
Asking for authority is one thing, asking for authority over the CEO (which was your original phrasing) is a very different thing.
No one disagrees that the Security Officer should be given authority and leeway to ensure good security. What I'm arguing against is where you seemed to ask for this special ability to outrank the CEO in certain situations.
You seem to be contradicting yourself. If "no one disagrees", then we both understand the "given authority" and "leeway" you're talking about here, is exactly the authority I'm referring to in certain situations. And any policy or procedure that shifts that level of responsibility, even temporarily, will be vetted with legal first.
And yes, telling a CEO "No" at times, IS basically holding the given authority to outrank their decision at that moment. Sure, any reasonable CEO is going to ask for justificat
Re: (Score:2, Insightful)
"Do I maintain the authority to tell even you 'No', if prudent to maintain proper security?"
They'll always say yes, it doesn't mean you can actually tell them no in practice.
You have to continue having their support to keep the job, so it is a meaningless request.
It is just not that simple a problem, and can't be solved with a parlor trick.
Re: (Score:2)
Security is not an end state. I don't need them to follow my rules. I need them to agree to sign the paper that says
"I accept the risk"
All security policy has exceptions. I just need someone other than me to be responsible for the outcomes.
Re: (Score:1)
It was just too difficult for the handful of top-level staff to remember new dynamic WiFi passwords, change their passwords on even a 6-month basis, submit new devices for MAC authentication, or follow simple rule
Re: (Score:1)
Using strong passwords everywhere is a good idea. You're a lot less likely to have a single stolen password let someone break into multiple accounts. You may think it's a hassle to have to use a strong password for your trivial accounts, but it's much less hassle than having multiple accounts hacked from one security slip-up.
Seriously, though, just get a password manager. Most browsers these days have one built in and some kind of synchronization system so every instance of the browser can recall them.
a lot of CEO's... (Score:4, Insightful)
...are correspondingly dumb
"Most CEOs Are Startlingly Dumb" (Score:2)
title :
"The Passwords Most Used By CEOs Are Startlingly Dumb"
can be simplified to :
"Most CEOs Are Startlingly Dumb"
Re: (Score:2)
to be fair though, probably all of the CEO's I've personally worked with are pretty smart actually
I'd guess if they had bad passwords it's because they couldn't be bothered with making a "better" password
that's why it's not a bad idea to enforce some basic password requirements so people's passwords can't be easily cracked in a breach
nobidy would ever guess... (Score:3)
What a coincidence, (Score:1)
"StartlinglyDumb1" is ... was my Slashdot password.
what? (Score:2)
> Arguably the strongest passwords are 3 random words, something that you can make a story about in your head to help you remember
passwordpasswordpassword
Sure glad I've now got 'the strongest password'.
Re: (Score:2)
The first top 5 in a google search on "password tester" results for the above password:
29 quadrillion years 7 quadrillion years 0 seconds (or similar)
So online password testing parsers are mostly junk - at least an obvious test method..
FacePalm.
Re: (Score:2)
29 quadrillion years - two sites
7 quadrillion years - one site
0 seconds (or similar) - two sites
Re: (Score:2)
It would really depend on the method of attack they are estimating.
The chance of brute-forcing without a word list passwordpasswordpassword is going to be stupid low. The chance of cracking that with a word list (if you configured your wordlist to try passwordpasswordpassword) is pretty high.
Also, why doesn't anyone use spaces in passwords? It's perfectly fine and makes your password more conversational. Years ago my favorite password (being a judo fan) was "Ippon wins the match!"
Very strong, very unlikely
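The gap between the testers quoted above (quadrillions of years versus 0 seconds) comes down to the attack model each one assumes. The following is an added example, not part of the thread, that scores a password under a character brute-force model and under a word-list model; the sample word list, the 20,000-word dictionary size and the 1-bit cost for a repeated token are assumptions.

```python
import math
import string

# Constructed sample word list so the block runs offline. A real guessing
# dictionary is far larger; ASSUMED_DICT_SIZE stands in for its size.
SAMPLE_WORDS = {"password", "picture", "dragon", "monkey", "correct", "horse",
                "battery", "staple", "one", "of", "you"}
ASSUMED_DICT_SIZE = 20_000            # assumption: the 20k vocabulary cited in the thread
SYMBOLS = string.punctuation + " "    # 33 printable ASCII symbols, space included


def charset_size(pw):
    """Alphabet a naive brute-force model assumes, from the character classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in SYMBOLS for c in pw):
        size += len(SYMBOLS)
    if any(ord(c) > 126 for c in pw):
        size += 128                   # rough allowance for non-ASCII characters
    return max(size, 2)


def brute_force_bits(pw):
    """Model 1: every character is an independent draw from the alphabet."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def segment(pw):
    """Split pw into dictionary words, digit runs and single symbols using the
    fewest tokens. Returns None when the password cannot be explained this way.
    Letter case is ignored, which slightly understates the word-list cost."""
    low = pw.lower()
    best = [None] * (len(low) + 1)
    best[0] = []
    for end in range(1, len(low) + 1):
        for start in range(end):
            if best[start] is None:
                continue
            piece = low[start:end]
            if piece in SAMPLE_WORDS:
                kind = "word"
            elif piece.isascii() and piece.isdigit():
                kind = "digits"
            elif len(piece) == 1 and not piece.isalnum():
                kind = "symbol"
            else:
                continue
            candidate = best[start] + [(kind, piece)]
            if best[end] is None or len(candidate) < len(best[end]):
                best[end] = candidate
    return best[len(low)]


def dictionary_bits(pw):
    """Model 2: the guesser combines word-list entries, digit runs and symbols.
    A token that repeats the previous one costs 1 bit (repeat or not)."""
    tokens = segment(pw)
    if tokens is None:
        return None
    bits, prev = 0.0, None
    for token in tokens:
        kind, piece = token
        if token == prev:
            bits += 1.0
        elif kind == "word":
            bits += math.log2(ASSUMED_DICT_SIZE)
        elif kind == "digits":
            bits += len(piece) * math.log2(10)
        else:
            bits += math.log2(len(SYMBOLS))
        prev = token
    return bits


def effective_bits(pw):
    """A password is only as strong as the cheapest model that explains it."""
    by_words = dictionary_bits(pw)
    by_chars = brute_force_bits(pw)
    return by_chars if by_words is None else min(by_chars, by_words)


if __name__ == "__main__":
    for pw in ("passwordpasswordpassword", "picture1",
               "OnePictureOf42&You", "fFnDr2%69%"):
        by_words = dictionary_bits(pw)
        shown = "n/a" if by_words is None else f"{by_words:.1f}"
        print(f"{pw:26} brute-force {brute_force_bits(pw):6.1f} bits   "
              f"word-list {shown:>5} bits   effective {effective_bits(pw):.1f}")
```

A tester that reports only the brute-force figure rates passwordpasswordpassword near 113 bits, while the word-list model puts it near 16.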
Re: (Score:2)
I was going with the '3 random words', that statement does not include spaces. The sentiment seems to be that I picked a long word. It could be as simple as:
III
'I' is a word after all.
Re: (Score:2)
XKCD [xkcd.com] is always relevant
Re: (Score:2)
Something tells me that you did not use a random process to obtain 3 dictionary words and just happened to receive the word "password" three times
Re: (Score:2)
Small dictionary, poor quality randomness. Ever tried 'shuffle' on an old iPod?
Re: (Score:2)
Ah, yes. https://xkcd.com/221/ [xkcd.com]
I'm shocked... (Score:2)
Shocked, I tell you! Well... not that shocked.
Let me stop you right there (Score:2)
"A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be"
Didn't need the report.
CorrectHorseBatteryStaple (Score:3)
As true then as it is now... https://xkcd.com/936/ [xkcd.com]
Password manager, for crying out loud (Score:3)
Strongest password would be the low-twenties-length random password generated by a password manager that you can just paste into the password field as needed. Use a password manager that stores its database locally, not on-line. And use 2-factor authentication (preferably a hardware solution like Yubikey, or a TOTP code generator app on your phone, avoid SMS-based ones).
For passwords you have to actually type, like computer login passwords, it helps if you're used to touch-typing. Start with a first letter, then alternate hands adding the necessary number of digits, symbols and upper-case letters to get 8-10 characters with a distinctive feel to the order so you end up committing it to muscle memory more than anything else. Write it down on a slip of paper to remind yourself of it, and store that paper somewhere secure (a locked drawer or something) to protect against an evil maid attack through your cleaning service at work.
Don't change passwords too often, you want to be able to benefit from not having to memorize new ones often (the single most common driver of easy-to-guess passwords). Configure systems to lock the account after a few failures (3-5) to block attempts to guess the password. And for the love of little green apples don't use the same password across multiple accounts.
That'll make you as safe as you can get. You'll never be able to guard against the service getting hacked and their stored password data copied, all you can do there is hope they used a decent hashing algorithm
Re: (Score:2)
For passwords you have to actually type, like computer login passwords, it helps if you're used to touch-typing. Start with a first letter, then alternate hands adding the necessary number of digits, symbols and upper-case letters to get 8-10 characters with a distinctive feel to the order so you end up committing it to muscle memory more than anything else.
Nah. A sequence of a few randomly-chosen (really random) dictionary words provides just as much (or more) entropy and is much easier to remember and type. It's more letters to type, but if you type very much it's likely to be as fast or faster because your fingers "know" words. https://xkcd.com/936/ [xkcd.com] got it right.
For example, a 10-character password containing a random[*] mixture of upper and lowercase letters, digits and symbols such as "fFnDr2%69%" (just generated with https://passwordsgenerator.net... [passwordsgenerator.net])
Re: (Score:2)
When I migrated to using a password manager (KeepassXC, synced via SyncThing to Keepass2Android on my phone), I started using the password generator.
Which aren't fun to type when I wind up having to do that. Which is relatively frequently; I'm not planning on syncing my password database to my work computer.
I don't like the "use a touch-typing pattern" you describe- I find it hard to memorize and I have witnessed people make passwords like qwertyuiop "following" advice like that.
I prefer diceware- https://d [dmuth.org]
The value of password "strength"? (Score:3)
There's a subtle point to this story that I think is often overlooked. The dataset that the story is based off of is from data breaches. It doesn't matter if these passwords were "dumb" or extremely complicated, they were exposed in a data breach. Not from some brute force attack or guessing (which would presumably be easier with a dumb password), but because they were part of a large dataset that went public.
That's not to say people don't need passwords, or that there aren't accounts that need strong passwords because people could try to brute force or guess them. But gasping at the "dumbness" of passwords doesn't change the fact that the vast majority of accounts with even the "dumb" passwords would have never been hacked if they weren't part of a data breach.
Fun with passwords (Score:2)
Perhaps we should use passwords describing various perverse sex acts involving Russian and Chinese government officials and circus animals. It might be fun if state-sponsored hackers had to include such phrases in their password cracking efforts.
"No, honoured police lieutenant, I do not believe Chairman Xi's father seduced a panda. There is a high likelihood that this is the password of a GenTech researcher. Oh, sorry. It does not appear to be working now."
Meaty thwacking noises ensue, accompanied by sc
Am I the only one? (Score:2)
Re: (Score:2)
That is the nice thing about a password manager, you give it your passwords.. :)
Yeah, encryption, security, blah blah. Nobody cares this boring theory
Obviously by how the ranking works (Score:2)
If 998 persons have a randomly generated 16 character password, but 2 of them have “password” as their password, then “password” is the most common one. — This should be obvious since all the strong passwords are all counted as different, that is why they are strong, because they are hard to guess and thus unlikely to collide with any other password.
Yubikey (Score:2)
CEOs can't be trusted to use passwords. Make them use a hardware device, like Yubikey.
My password is (Score:1)
Y4@9n4+kZfup_c6xph
I chose each character with a random number generator hooked up to a physical high entropy source.
It's flawless. It's so good, I use it everywhere.
Re: (Score:2)
Mine is Hunter2
How to destroy your reputation as a secure service (Score:2)
Re: (Score:1)
I think a good way to destroy your reputation as a secure and trustworthy security services provider, is by telling everyone that the passwords they're using are stupid and publishing what those passwords are...
I thought that too. Then, I know it's hard to believe, I pulled up the article and started to read it. I'm sorry, it won't happen again.. LOL.
They compiled the list from incidents working with another company.
If they were able to aggregate passwords based on people or positions to outside people, oh man that would be something.
I'm tired of movie ratings (Score:2)
No one ever expects a summer zombie movie to be an award-winning piece of literature. That doesn't mean it isn't worthy of a 5-star review. A few years back, a summer zombie movie (a sequel no less) was maybe the best movie I'd seen in ages. Not because it was a prize of literary glory. Simply because it was exactly what it promised it would be -- and that's why I chose to see it.
I'm in the security and password industry, for 30+ years now. There are four kinds of passwords:
1. account identification.
Re: (Score:2)
You lock down the dropbox account down so that strangers don't post illegal things there.
Re: (Score:2)
Strangers can post illegal things anywhere. I can't stop them. They don't need my dropbox account. they can get their own.
Obligatory XKCD (Score:2, Funny)
https://xkcd.com/936/ [xkcd.com]
hah! (Score:3)
the general public's most commonly used passwords were sequential numbers like '123456'
123456? that's the combination to my luggage!
Data acquired is shady (Score:2)
How in the world did this company get all these CEO passwords? How did they know it was the CEO? Why are they releasing anything on this. Having any knowledge of someone else's password is a breach. I won't be using NordPass and will now be suspicious about any other like products. People shouldn't be surprised of anyone's password. I suspect the CEO passwords are quite average, but only NordPass would know.
BTW, password expiration is a flawed security model. It makes things worse.
Storing anything bu
mfa (Score:2)
Fake Research for Publicity is Startlingly Dumb (Score:2)
The headline is incorrect.
This does not involve "passwords-most-used-by-ceos" but "passwords-most-used-by-ceos INVOLVED IN DATA BREACHES":
"The more recent research sample consists of 290 million cybersecurity data breaches around the globe"
So it is grossly misleading.
FIX IT, "EDITORS" !
Re: (Score:1)
FIX IT, "EDITORS" !
lol welcome to slashdot, but hey... get off my lawn!
Re: (Score:2)
Don't worry, I don't actually expect the lazy @#$%&s to get off my lawn, erm, fix it.
Re: (Score:2)
You appear to think you are addressing a clueless noob, you appear to think I expect my demands to be met, you appear to have been amused for twenty years by things that no normal person would find remotely funny.
Re: (Score:2)
Oh, you're definitely a clueless noob, this response confirms it
Wut? (Score:2)
>Arguably the strongest passwords are 3 random words
No. A 4 word password would be stronger. So would a 5.
Better still why not consult people who understand how this works and specify a minimum length for a password to ensure sufficient min-entropy rather than nonsense like requirements for inclusion of unmemorable characters that only serve to lower the min-entropy and make the passwords unmemorable. Even better stop using passwords and start using physical tokens.
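The "3 words versus 4 or 5" argument, and the earlier comparison of random words against a 10-character random password, can be put in numbers. The following is an added example, not part of the thread: it picks the number of words from a target entropy instead of fixing it at three, and draws them with a CSPRNG. The 16-word sample list is constructed; the 7776-word list size is the usual diceware size and is used here only for the arithmetic.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline (exactly 4 bits
# per word). Assumption: real use loads a large published list instead.
SAMPLE_WORDLIST = ["anchor", "breeze", "candle", "desert", "ember", "forest",
                   "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                   "meadow", "nebula", "orchard", "pebble"]

DICEWARE_SIZE = 7776   # 6**5: five dice rolls select one word


def bits_per_word(list_size):
    """Entropy of one uniformly random pick from a list of list_size words."""
    if list_size < 2:
        raise ValueError("word list needs at least two distinct words")
    return math.log2(list_size)


def passphrase_bits(n_words, list_size):
    """Entropy of n_words independent uniform picks. This holds only when the
    words are drawn at random, not chosen by the user."""
    return n_words * bits_per_word(list_size)


def random_char_bits(length, alphabet_size=94):
    """Entropy of a random password over the 94 printable non-space ASCII characters."""
    return length * math.log2(alphabet_size)


def words_for_target(target_bits, list_size):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(list_size))


def generate_passphrase(wordlist, target_bits, sep=" "):
    """Return (passphrase, entropy_bits) meeting target_bits from wordlist."""
    unique = sorted({w.strip().lower() for w in wordlist if w.strip()})
    n_words = words_for_target(target_bits, len(unique))
    # secrets.choice uses the operating system CSPRNG; each pick is independent.
    words = [secrets.choice(unique) for _ in range(n_words)]
    return sep.join(words), passphrase_bits(n_words, len(unique))


if __name__ == "__main__":
    for n in (3, 4, 5, 6):
        print(f"{n} diceware words: {passphrase_bits(n, DICEWARE_SIZE):5.1f} bits")
    ten_chars = random_char_bits(10)
    print(f"10 random characters: {ten_chars:.1f} bits, matched by "
          f"{words_for_target(ten_chars, DICEWARE_SIZE)} diceware words")
    phrase, bits = generate_passphrase(SAMPLE_WORDLIST, 40)
    print(f"sample ({bits:.0f} bits from the 16-word demo list): {phrase}")
```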
No kidding (Score:2)
Makes complete sense (Score:2)
2FA FTW (Score:1)
CEOs are not always that bright (Score:1)
I worked in the division of a large company famous for its paper document duplication products. The division CEO's password was the name of his car's manufacturer. He also couldn't be arsed to change it periodically, so, we had to set it so it never expired. Dumb, but not half as dumb as the CEO of the medical research company I also worked at who, despite holding a PhD, couldn't remember a password to save his life. We ended up changing it to his initials (3 characters) and setting it to never expire. And e
The best german passvvord ... (Score:2)
Obviously the best German password is "Geh Heim!"
Unfortunately no non German speaker will grasp this.
Re (Score:1)
Re: (Score:1)
I did that, but only stock-option raises were available, and the company bellied up the following week because the CEO used "suckers1" as the password.
Re: (Score:2)
That's not far from the truth. A number of years ago I ran crack against the passwords at a major financial firm - which will remain nameless - as part of a security audit.
Suffice it to say, if you're going to break into someone's account, about 80% of the time the name of their wife or mistress followed by a 1 will usually get it for you.
Re: (Score:3)
Yeah, knowing personal information makes a hack far easier. One of my coworkers uses his wife's name followed by 2345 (because 1234 is expired). Mine are a bit trickier, you need to know a formula and do some math. If someone cracks one or steals it, figuring out the formula and math is crypto. Far harder than most hackers try.
Re: (Score:2)
So it's your wife's name followed by SHA1(your_wife's_name) ?
Re: now you know how to give yourself a raise (Score:1)
Re: (Score:2)
Ressources Humaines?