Good and Bad Passwords How-To

An Example List of Common and Bad Passwords

I have removed the long list of common passwords due to excessive traffic levels, and may restore it sometime after they return to normal. I wish I had never created this list, even though it has become by far the most popular page on this site. All such lists are intellectually dishonest, regardless of how accurate they may be, or how carefully they were prepared. Most people who do not find their password in such a list develop a false sense of security. The simple fact is that any competent cracker will be working from a list many times larger than the largest common password list, and the cracker's list will include virtually every word in any common password list. If your password can be found in any dictionary or online "word" list, where words include such character sequences as "qwerty", "abcd1234", or "thx1138", you have a password just as bad as those listed in common password lists. If you have made one or several transformations (such as those described in Cracking Tool Feature List), you still have a bad password.

It's not easy to make good passwords. There is common advice on forming good passwords which, while better than nothing, leaves much to be desired. If you can get through this long and sometimes technical section, you will know what makes passwords strong or weak and have a pretty good idea of when a fair password is OK and when you need a really strong password. The one constant is that good passwords don't appear in any word list, and have certain minimum length and character diversity requirements. The less character diversity, the longer the password needs to be. An all-lowercase password may be OK, but should be about 18 characters to be strong.
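The two tests described above, word-list membership after undoing simple transformations and the trade-off between length and character diversity, can be sketched as follows. This is an added example, not code from this site: the word list, the substitution table and the idea of treating 18 random lowercase letters as the keyspace target for other character pools are assumptions made for illustration, and the length estimate only holds for randomly chosen characters.

```python
import math
import string

# Constructed sample list; a real check would load a large dictionary.
WORDLIST = {"qwerty", "abcd1234", "thx1138", "password", "dragon"}
# Assumed look-alike substitutions, chosen for this example.
LEET = str.maketrans("0134578@$!", "oieastbasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Keyspace of 18 random lowercase letters, used as the "strong" target.
TARGET_BITS = 18 * math.log2(26)


def candidates(pw):
    """Return forms of pw with case, reversal, affixes and look-alikes undone."""
    base = pw.lower()
    forms = set()
    for s in (base, base[::-1]):
        for t in (s, s.strip(string.digits + string.punctuation)):
            forms.update((t, t.translate(LEET)))
    return forms


def in_wordlist(pw, wordlist=WORDLIST):
    return any(form in wordlist for form in candidates(pw))


def pool_size(pw):
    """Count the characters available in each class the password draws on."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def required_length(pw):
    """Length needed for pw's character pool to reach TARGET_BITS."""
    pool = pool_size(pw) or 26  # empty or unclassified input: assume lowercase
    return math.ceil(TARGET_BITS / math.log2(pool) - 1e-9)


def assess(pw):
    if in_wordlist(pw):
        return "found in word list"
    if len(pw) < required_length(pw):
        return "too short for its character diversity"
    return "ok"


if __name__ == "__main__":
    for pw in ("Qwerty123!", "P@ssw0rd", "mvqhzkptwb", "mvqhzkptwbnxlrgdsy"):
        print(f"{pw!r}: {assess(pw)} (needs {required_length(pw)} chars)")
```

An "ok" result only means the password was not in the list that was checked; a larger list may still contain it.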

