Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Security

The Passwords Most Used By CEOs Are Startlingly Dumb (pcgamer.com) 110

A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be, considering the strength of their chosen account passwords. PC Gamer reports: The research comes from NordPass password manager which identified back in 2020 that the general public's most commonly used passwords were sequential numbers like '123456', 'picture1', and yep, you guessed it: 'password'. The more recent research sample consists of 290 million cybersecurity data breaches around the globe, and denotes the job level of those affected. Turns out, when it comes to CEOs and other high-ranking businesses execs, their password choices are much the same as the general public, although many often feature names. Tiffany was spotted in 100,534 breaches; then there was Charlie with 33,699; Michael was found 10,647 times; and Jordan, 10,472 times.

The report also ranks mythical creatures and animals as some of the top passwords to have been cracked in data breaches. 'Dragon' was spotted 11,926 times, and 'monkey' comes in at 11,675. I spoke to IT support engineer Ash Smith, who recommends that companies should consider handing out randomly generated passwords as new accounts are created. "Arguably the strongest passwords are 3 random words, something that you can make a story about in your head to help you remember," he says.

This discussion has been archived. No new comments can be posted.

The Passwords Most Used By CEOs Are Startlingly Dumb

Comments Filter:
  • So they count as normal people here, possibly with inflated egos in quite a few cases. Hence, what is the story?

    • by geekmux ( 1040042 ) on Wednesday May 18, 2022 @06:35PM (#62547410)

      So they count as normal people here, possibly with inflated egos in quite a few cases. Hence, what is the story?

      Perhaps the story should be why we pay those "normal" idiots 300x more than the average worker, since they're so damn good at leading by moronic example.

      • by gweihir ( 88907 )

        Well, I have been wondering that for a long, long time. I hear the job completely sucks though, unless you are a psycho. Probably the reason why so many psychos are in the CEO slot.

      • CEOs aren't paid because they're smart. They're paid because they take risks (explains the password choice).

        BTW, I can't tell you how many times I've seen "smart" people use the password NCC-1701... it's like a plague.

    • I'm not a security expert by any stretch of the imagination. I know just enough - mostly theory rather than practical application - to possibly convince some idiot that I could secure their computer or maybe even their whole network.

      I'd tell them to do everything all the pop-culture tech people to do and try to sound really smart while I did so because I was preparing to send them a huge consulting bill. That would probably save them money in the long run.

      I figured out a long time ago the my passwords were

  • ..."picture1"?

    Not great, but not super-obvious either. I agree "picture" is a common word, but so is "common" and "word".

    • It's a mere 8 characters, only one word and one digit. No mixed case or symbols either. So, it's complexity is quite low, making it easy for automated guessing algorithms to guess and very easy for rainbow table [wikipedia.org] attacks.

      In finding a balance between password strength and usability, go for long passwords with multiple words and throw in a few numbers and symbols. Even if you do upper casing on each word, which doesn't strengthen it very much against guessing, it still helps against rainbow table attacks.

      "O

      • by Tablizer ( 95088 )

        > "OnePictureOf42&You" would be a much stronger password, and it is quite easy to memorize.

        I'd definitely screw that up on a Monday. I'm not very good at typing without visual feedback.

      • by Anonymous Coward

        "OnePictureOf42&You" would be a much stronger password, and it is quite easy to memorize.

        Please stop publishing my password. I've been using it for decades on all my accounts and it's worked fine so I see no need to change it.

      • If people really want to see how it goes, then just create a hash of that password, then set jacktheripper or similar tools against it and anyone can see that word + number is one of the first few patterns and this gets cracked very, very quickly.

        Honestly, a lot of the password advice didn't click for me until I saw how the tools used to break password hashes worked. Now I choose things that are higher entropy and less likely to be among their patterns or otherwise short enough to crack.

      • by quenda ( 644621 )

        "OnePictureOf42&You" would be a much stronger password, and it is quite easy to memorize.

           

        Correct horse!

      • An educated person might have a 20k vocab; I bet you that the average person doesn't choose from that large of a vocab. You could force 1 non-ascii unicode character and in theory blow up the search space far more but people will pick from just a few unicode characters... password+emjoii like they did with password+ number = password1

        Users are not security experts. Humans are not random even when they try to be they are not perfectly random.

        Easier use of keychains... forget this annoying error prone 2 fac

      • Comment removed based on user account deletion
  • Management! (Score:5, Interesting)

    by higuita ( 129722 ) on Wednesday May 18, 2022 @06:34PM (#62547408) Homepage

    Most of the time, management do enforce strong password, change once a month, no repeating, etc to everyone... yet they are always excluded from those rules, because they are "too important" to be bothered with those things

    • Re:Management! (Score:5, Insightful)

      by msauve ( 701917 ) on Wednesday May 18, 2022 @06:57PM (#62547484)
      > change once a month

      So, in violation of NIST guidelines [nist.gov] ("Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically)."). Because, remembering a new "strong" password every month is hard, and only causes people to write it on a sticky note under the keyboard.
      • by higuita ( 129722 )

        Totally agree... yet i see many companies that IT directors do that... no wounder that people write their password in post-it or create simple rule based password (like the month name and the calendar picture)
        Enforcing a too short password change results in worse protection... but those IT directors are the same that create those rules to exclude themself and management exclusion from those rules

      • by ceoyoyo ( 59147 )

        I had an account once at a place I didn't really want to have an account. They instituted a stupid monthly password change policy. I sent them a paper on monthly changes decreasing security, but no dice.

        My first password was "this is stupid." A month later it became "this is fucking stupid." I got pretty creative until I finally ran out of profanity and they finally agreed to delete the account.

      • by tlhIngan ( 30335 )

        Because, remembering a new "strong" password every month is hard, and only causes people to write it on a sticky note under the keyboard.

        Actually, it worse than that - it results in people picking less difficult to remember passwords of lower difficulty to remember. Like instead of some long phrase or other thing, they may use the month and year (numbers, letters (capitals and lower case, if needed)) and maybe a period or something to add your symbol.

        Or they just make it an incrementing one, liek Password1

    • Re:Management! (Score:5, Insightful)

      by geekmux ( 1040042 ) on Wednesday May 18, 2022 @07:04PM (#62547512)

      When any security manager is hired onto a company, they should not consider taking the job until a specific question is answered.

      (Security Manager to CEO) "Do I maintain the authority to tell even you 'No', if prudent to maintain proper security?"

      If a CEO has to question or think about giving a Subject Matter Expert they hired anything less than 100% support when absolutely justified, then understand they're looking for a Chief Scapegoat Officer.

      Proceed carefully. It sure as hell won't be anyone else's dick on the chopping block when the shit hits the ransomfan.

      • When any security manager is hired onto a company, they should not consider taking the job until a specific question is answered.

        (Security Manager to CEO) "Do I maintain the authority to tell even you 'No', if prudent to maintain proper security?"

        If a CEO has to question or think about giving a Subject Matter Expert they hired anything less than 100% support when absolutely justified, then understand they're looking for a Chief Scapegoat Officer.

        Proceed carefully. It sure as hell won't be anyone else's dick on the chopping block when the shit hits the ransomfan.

        I suspect you'd have a lot of trouble getting CEO's to answer yes to that question, at least not without them rephrasing.

        Letting the Security Manager do their job, including telling the CEO 'No', is one thing. But I'm not sure anyone has the authority to tell the CEO to do anything.

        • Letting the Security Manager do their job, including telling the CEO 'No', is one thing. But I'm not sure anyone has the authority to tell the CEO to do anything.

          (Security Manager to CEO) "So, you're going to tell the hacker holding your data hostage who has the 'authority' here? Hang on a minute, I need to make popcorn. Yeah, it's kind of a tradition now."

          And if you truly think no one holds the authority to tell a CEO 'No', then I wonder why Boards exist. CEOs do get fired. That is a thing.

          • Letting the Security Manager do their job, including telling the CEO 'No', is one thing. But I'm not sure anyone has the authority to tell the CEO to do anything.

            (Security Manager to CEO) "So, you're going to tell the hacker holding your data hostage who has the 'authority' here? Hang on a minute, I need to make popcorn. Yeah, it's kind of a tradition now."

            And if you truly think no one holds the authority to tell a CEO 'No', then I wonder why Boards exist. CEOs do get fired. That is a thing.

            They have the power to fire the CEO, and I think the Chair of the board might actually have authority over them, but I doubt any employee has authority over the CEO.

            I'm not saying the CEO shouldn't listen to the security manager and rigorously follow their recommendations, but asking for authority over the CEO isn't going to happen.

            Lets put it another way, if you think the CEO is so incompetent that they won't take good and necessary advice from employees then you shouldn't take a senior position in that or

            • Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.

              What a good Security Officer is actually asking here, is for the CEO to lead by example. For ironically every reason you've cited regarding their ultimate power and authority over the company. If a CEO asks for an unjustified exception, then they may not really respect the ve

              • Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.

                Sure, but that doesn't mean those individuals have authority over the CEO.

                What a good Security Officer is actually asking here, is for the CEO to lead by example.

                Agreed. But by asking for authority you were turning it into a pissing contest where the Security Officer/Manager is asking to be the boss in certain circumstances.

                A good CEO should hire good people and take their advice. It shouldn't matter if the Security person has "authority" because the CEO should be following good advice when given.

                And yes, there's probably circumstances where enduring a short term security risk is a necessary g

                • Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.

                  Sure, but that doesn't mean those individuals have authority over the CEO.

                  Third party audits are in fact third party for a very specific reason; so a CEO or anyone else being audited cannot create or enforce undue pressure and/or authority over said third party, for the purposes of hiding or obscuring shitty security practice.

                  Yes, from criminal to civil violations, many have authority over a CEO. A CEO cannot openly and blatantly commit a crime and then whip out their business card in defense. It's a business title, not a get-out-of-jail-free card.

                  What a good Security Officer is actually asking here, is for the CEO to lead by example.

                  Agreed. But by asking for authority you were turning it into a pissing contest where the Security Officer/Manager is asking to be the boss in certain circumstances.

                  A good CEO should hire good people and take their advice. It shouldn't matter if the Security person has "authority" because the CEO should be following good advice when given.

                  Yes, they should be following

                  • Finance regulations. Privacy laws. Professional and personal laws of conduct in society and the workplace. There are many things that every employee all the way up to and including the CEO, must maintain a zero tolerance stance on.

                    Sure, but that doesn't mean those individuals have authority over the CEO.

                    Third party audits are in fact third party for a very specific reason; so a CEO or anyone else being audited cannot create or enforce undue pressure and/or authority over said third party, for the purposes of hiding or obscuring shitty security practice.

                    Yes, from criminal to civil violations, many have authority over a CEO. A CEO cannot openly and blatantly commit a crime and then whip out their business card in defense. It's a business title, not a get-out-of-jail-free card.

                    Of course a CEO is still subject to laws. Though for 3rd party audits while the CEO doesn't have authority over the 3rd party (they work for another organization!!) I don't think the 3rd party has authority inside the company except the authority that has been granted them by the company (ultimately the CEO). If the auditor wants to see something they ask, if the request is denied without good cause then that shows up very poorly in the auditors report.

                    What a good Security Officer is actually asking here, is for the CEO to lead by example.

                    Agreed. But by asking for authority you were turning it into a pissing contest where the Security Officer/Manager is asking to be the boss in certain circumstances.

                    A good CEO should hire good people and take their advice. It shouldn't matter if the Security person has "authority" because the CEO should be following good advice when given.

                    Yes, they should be following advice. And sometimes th

                    • Asking for authority is one thing, asking for authority over the CEO (which was your original phrasing) is a very different thing.

                      No one disagrees that the Security Officer should be given authority and leeway to ensure good security. What I'm arguing against is where you seemed to ask for this special ability to outrank the CEO is certain situations.

                      You seem to be contradicting yourself. If "no one disagrees", then we both understand the "given authority" and "leeway" you're talking about here, is exactly the authority I'm referring to in certain situations. And any policy or procedure that shifts that level of responsibility, even temporarily, will be vetted with legal first.

                      And yes, telling a CEO "No" at times, IS basically holding the given authority to outrank their decision at that moment. Sure, any reasonable CEO is going to ask for justificat

      • Re: (Score:2, Insightful)

        by Aighearach ( 97333 )

        "Do I maintain the authority to tell even you 'No', if prudent to maintain proper security?"

        They'll always say yes, it doesn't mean you can actually tell them no in practice.

        You have to continue having their support to keep the job, so it is a meaningless request.

        It is just not that simple a problem, and can't be solved with a parlor trick.

      • You're fired.
      • Security is not an end state. I don't need them to follow my rules. I need them to agree to sign the paper that says

        "I accept the risk"

        All security policy has exceptions. I just need someone other than me to be responsible for the outcomes.

      • I had this problem. I was promoted to Director of IT for a large multinational company for a couple years, and it was a constant pain to get the C-Suite to agree to the required changes for various security frameworks even when THEY THEMSELVES were the ones asking us to implement the frameworks.

        It was just too difficult for the handful of top-level staff to remember new dynamic WiFi passwords, change their passwords on even a 6-month basis, submit new devices for MAC authentication, or follow simple rule
    • Enforced strong passwords are great for important things, but I hate with a passion how many meaningless sites that require logins (why does everyone make me login these days?) require upper, lower case, special character, number and minimum 372 characters. WTF? It's a gas station rewards card FFS.
      • by rgmoore ( 133276 )

        Using strong passwords everywhere is a good idea. You're a lot less likely to have a single stolen password let someone break into multiple accounts. You may think it's a hassle to have to use a strong password for your trivial accounts, but it's much less hassle than having multiple accounts hacked from one security slip-up.

        Seriously, though, just get a password manager. Most browsers these days have one built in and some kind of synchronization system so every instance of the browser can recall them.

  • a lot of CEO's... (Score:4, Insightful)

    by Bourdain ( 683477 ) on Wednesday May 18, 2022 @06:35PM (#62547412)

    ...are correspondingly dumb

    • title :
      "The Passwords Most Used By CEOs Are Startlingly Dumb"
      can be simplified to :

      "Most CEOs Are Startlingly Dumb"

    • ...but they sincerely believe that they're smarter than everyone else.
    • to be fair though, probably all of the CEO's I've personally worked with are pretty smart actually

      I'd guess if they had bad passwords it's because they couldn't be bothered with making a "better" password

      that's why it's not a bad idea to enforce some basic password requirements so people's passwords can't be easily cracked in a breach

  • by Anonymouse Cowtard ( 6211666 ) on Wednesday May 18, 2022 @06:37PM (#62547418) Homepage
    nevermind your horse batteries, I'm changing all mine to "threerandomwords"
  • "StartlinglyDumb1" is ... was my Slashdot password.

  • > Arguably the strongest passwords are 3 random words, something that you can make a story about in your head to help you remember

    passwordpasswordpassword

    Sure glad I've now got 'the strongest password'.

    • > passwordpasswordpassword

      The first top 5 in a google search on "password tester" results for the above password:
      29 quadrillion years 7 quadrillion years 0 seconds (or similar)
      So online password testing parsers are mostly junk - at least an obvious test method..
      FacePalm.
      • Oops, wrong button...

        29 quadrillion years - two sites
        7 quadrillion years - one site
        0 seconds (or similar) - two sites
      • It would really depend on the method of attack they are estimating.

        The chance of brute-forcing without a word list passwordpasswordpassword is going to be stupid low. The chance of cracking that with a word list (if you configured your wordlist to try passwordpasswordpassword) is pretty high.

        Also, why doesn't anyone use spaces in passwords? It's perfectly fine and makes your password more conversational. Years ago my favorite password (being a judo fan) was "Ippon wins the match!"

        Very strong, very unlikely

        • I was going with the '3 random words', that statement does not include spaces. The sentiment seems to be that I picked a long word. It could be as simple as:

          III

          'I' is a word after all.

      • by v1 ( 525388 )

        XKCD [xkcd.com] is always relevant

    • Something tells me that you did not use a random process to obtain 3 dictionary words and just happened to receive the word "password" three times

  • Shocked, I tell you! Well... not that shocked.

  • "A recent cybersecurity report shows how immensely idiotic many CEOs and business owners can be"

    Didn't need the report.

  • by tempo36 ( 2382592 ) on Wednesday May 18, 2022 @07:09PM (#62547528)

    As true then as it is now... https://xkcd.com/936/ [xkcd.com]

    • That's been my password ever since I read that comic when it first came out. Because if I ever forget my password, I can just find that comic again and then e-banking is a go once again. Yeah!
  • by Todd Knarr ( 15451 ) on Wednesday May 18, 2022 @07:11PM (#62547542) Homepage

    Strongest password would be the low-twenties-length random password generated by a password manager that you can just paste into the password field as needed. Use a password manager that stores it's database locally, not on-line. And use 2-factor authentication (preferably a hardware solution like Yubikey, or a TOTP code generator app on your phone, avoid SMS-based ones).

    For passwords you have to actually type, like computer login passwords, it helps if you're used to touch-typing. Start with a first letter, then alternate hands adding the necessary number of digits, symbols and upper-case letters to get 8-10 characters with a distinctive feel to the order so you end up committing it to muscle memory more than anything else. Write it down on a slip of paper to remind yourself of it, and store that paper somewhere secure (a locked drawer or something) to protect against an evil maid attack through your cleaning service at work.

    Don't change passwords too often, you want to be able to benefit from not having to memorize new ones often (the single most common driver of easy-to-guess passwords). Configure systems to lock the account after a few failures (3-5) to block attempts to guess the password. And for the love of little green apples don't use the same password across multiple accounts.

    That'll make you as safe as you can get. You'll never be able to guard against the service getting hacked and their stored password data copied, all you can do there is hope they used a decent hashing algorithm

    • For passwords you have to actually type, like computer login passwords, it helps if you're used to touch-typing. Start with a first letter, then alternate hands adding the necessary number of digits, symbols and upper-case letters to get 8-10 characters with a distinctive feel to the order so you end up committing it to muscle memory more than anything else.

      Nah. A sequence of a few randomly-chosen (really random) dictionary words provides just as much (or more) entropy and is much easier to remember and type. It's more letters to type, but if you type very much it's likely to be as fast or faster because you fingers "know" words. https://xkcd.com/936/ [xkcd.com] got it right.

      For example, a 10-character password containing a random[*] mixture of upper and lowercase letters, digits and symbols such as "fFnDr2%69%" (just generated with https://passwordsgenerator.net... [passwordsgenerator.net])

    • When I migrated to using a password manager (KeepassXC, synced via SyncThing to Keepass2Android on my phone), I started using the password generator.

      Which aren't fun to type when I wind up having to do that. Which is relatively frequently; I'm not planning on syncing my password database to my work computer.

      I don't like the "use a touch-typing pattern" you describe- I find it hard to memorize and I have witnessed people make passwords like qwertyuiop "following" advice like that.

      I prefer diceware- https://d [dmuth.org]

  • by JoeRobe ( 207552 ) on Wednesday May 18, 2022 @07:18PM (#62547562) Homepage

    There's a subtle point to this story that I think is often overlooked. The dataset that the story is based off of is from data breaches. It doesn't matter if these passwords were "dumb" or extremely complicated, they were exposed in a data breach. Not from some brute force attack or guessing (which would presumably be easier with a dumb password), but because they were part of a large dataset that went public.

    That's not to say people don't need passwords, or that there aren't accounts that need strong passwords because people could try to brute force or guess them. But gasping at the "dumbness" of passwords doesn't change the fact that the vast majority of accounts with even the "dumb" passwords would have never been hacked if they weren't part of a data breach.

  • Perhaps we should use passwords describing various perverse sex acts involving Russian and Chinese government officials and circus animals. It might be fun if state-sponsored hackers had to include such phrases in their password cracking efforts.

    "No, honoured police lieutenant, I do not believe Chairman Xi's father seduced a panda. There is a high likelihood that this is the password of a GenTech researcher. Oh, sorry. It does not appear to be working now."

    Meaty thwacking noises ensue, accompanied by sc

  • I started reading and hit this "research comes from NordPass password manager" so they have all the passwords for everyone using their product? Just seems odd to me.
    • by stooo ( 2202012 )

      That is the nice thing about a password manager, you give it your passwords.. :)
      Yeah, encryption, security, blah blah. Nobody cares this boring theory

  • If 998 persons have a randomly generated 16 character password, but 2 of them have “password” as their password, then “password” is the most common one. — This should be obvious since all the strong passwords are al counter as different, that is why they are strong, because they are hard to guess and thus unlikely to collide with any other password.

  • CEOs can't be trusted to use passwords. Make them use a hardware device, like Yubikey.

  • Y4@9n4+kZfup_c6xph

    I chose each character with a random number generator hooked up to a physical high entropy source.

    It's flawless. It's so good, I use it everywhere.

  • I think a good way to destroy your reputation as a secure and trustworthy security services provider, is by telling everyone that the passwords they're using are stupid and publishing what those passwords are...
    • by ebvwfbw ( 864834 )

      I think a good way to destroy your reputation as a secure and trustworthy security services provider, is by telling everyone that the passwords they're using are stupid and publishing what those passwords are...

      I thought that too. Then, I know it's hard to believe, I pulled up the article and started to read it. I'm sorry, it won't happen again.. LOL.
      They compiled the list from incidents working with another company.

      If they were able to aggregate passwords based on people or positions to outside people, oh man that would be something.

  • No one ever expects a summer zombie movie to be an award-winning piece of literature. That doesn't mean it isn't worthy of a 5-star review. A few years back, a summer zombie movie (a sequel no less) was maybe the best movie I'd seen in ages. Not because it was a prize of literary glory. Simply because it was exactly what it promised it would be -- and that's why I chose to see it.

    I'm in the security and password industry, for 30+ years now. There are four kinds of passwords:

    1. account identification.

    • by Dwedit ( 232252 )

      You lock down the dropbox account down so that strangers don't post illegal things there.

      • Strangers can post illegal things anywhere. I can't stop them. They don't need my dropbox account. they can get their own.

  • by hamburger lady ( 218108 ) on Wednesday May 18, 2022 @10:01PM (#62547908)

    the general public's most commonly used passwords were sequential numbers like '123456'

    123456? that's the combination to my luggage!

  • How in the world did this company get all these CEO passwords? How did they know it was the CEO? Why are they releasing anything on this. Having any knowledge of someone else's password is a breach. I won't be using NordPass and will now be suspicious about any other like products. People shouldn't be surprised of anyone's password. I suspect the CEO passwords are quite average, but only NordPass would know.

    BTW, password expiration is a flawed security model. It makes things worse.

    Storing anything bu

  • Do it.
  • The headline is incorrect.
    This does not involve "passwords-most-used-by-ceos" but "passwords-most-used-by-ceos INVOLVED IN DATA BREACHES":

    "The more recent research sample consists of 290 million cybersecurity data breaches around the globe"

    So it is grossly misleading.

    FIX IT, "EDITORS" !

    • FIX IT, "EDITORS" !

      lol welcome to slashdot, but hey... get off my lawn!

    • by kunwon1 ( 795332 )
      For twenty years, clueless noobs have been making demands of editors in slashdot comments. For twenty years, the rest of us have been laughing at them
      • You appear to think you are addressing a clueless noob, you appear to think I expect my demands to be met, you appear to have been amused for twenty years by things that no normal person would find remotely funny.

  • >Arguably the strongest passwords are 3 random words

    No. A 4 word password would be stronger. So would a 5.

    Better still why not consult people who understand how this works and specify a minimum length for a password to ensure sufficient min-entropy rather than nonsense like requirements for inclusion of unmemorable characters that only serve to lower the min-entropy and make the passwords unmemorable. Even better stop using passwords and start using physical tokens.

  • What's your average CEO other than a psychopathic salesman (yes - male) and primadonna cheerleader?
  • I've never met an intelligent CEO. Every single one, and I've met a few dozen, were complete and utter morons. Succeeding in business is mostly luck, and the CEO matters very little
  • My job has layers of security, so I actually have two separate authenticator apps on my phone that I have to use to connect to different environments. It's a hassle, but so is typing in passwords.
  • I worked in the division of a large company famous for its paper document duplication products. The division CEO's password was the name of his cars manufacturer. He also couldn't be arsed to change it periodically, so, we had to set it so it never expired. Dumb, but not half as dumb as the CEO of the medical research company I also worked at who, despite holding a PhD, couldn't remember a password to save his life. We ended up changing it to his initials (3 characters) and setting it to never expire. And e

  • Obviously the best German password is "Geh Heim!"
    Unfortunately no non German speaker will grasp this.

  • It seems to me that passwords are a somewhat outdated, because scammers have learned to guess even complex passwords well and quickly, and this has ceased to be a reliable way to protect data. I have read about kvalifika here https://www.kvalifika.com/blog/How-did-the-Kvalifika-team-manage-to-bootstrap-their-business-and-become-the-market-leader-in-2-years [kvalifika.com] which provides personal identification services and I think this is a more secure data protection option.

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...