Every once and a while you run across something just a little bit geeky that just makes you smile.

Today while setting up some new member accounts using the company’s existing usernames and passwords I got to about 6 members setup and suddenly my poor tired brain noticed something that made my day.

Here’s a sample from the list:

rswanson
5w4n50n
jastlley
45tll3y
fmounts
m0unt5
hlarson
l4r50n
krotela
kr0t314
ssanchez
554nch3z
bsinger
51ng3r
ttrownbridge
tr0wenbr1dg3

Perhaps not the most secure system ever conceived, but a bit of fun and still hard to guess.

yes, the names have been altered to protect the members, but you’ll get the idea if you look at the list for a minute.

Trowenbridge is the only name who’s vowels haven’t been totally substituted with a number?

And they have basically substituted their surnames to number/letter combination.

There were others with a slight bend in the rules, but for the most part they kept to the pattern. Not as much fun as finding one of Paul’s hidden treasures in EE’s code, but at the end of a day of MX, SPF, IP’s and client support calls related to freshly launched sites, it was a fun surprise.

Kurt Deutscher - 25 November 2008 11:09 PM

Not as much fun as finding one of Paul’s hidden treasures in EE’s code

Pray tell…

Nope, my lips are sealed.

if i were a hacker attempting to guess a password… apart from a dictionary attack with numbers included, i would try combinations of username / words with the logical letters replaced by numbers.  So maybe not as secure as you might think, but still better than what my average customer asks for “password” as the password!

So what are the most common passwords then?

What about things like 111111 or 12345 or pet names and birthdays etc?

I have 5 passwords that I use and after the oldest password is about 12 months old I phase it out for a new one. The least secure is 8 characters with 2 numbers randomly thrown in - most have 10 characters with mixed case, at least 2 numbers and one symbol.

don’t understand people using passwords such as their spouses name or birthdate - you’re just asking to be hacked and ripped off.

perhaps I’m just a little paranoid.

i don;t know about common, but a lot of people i know go for related words, plus a number. so for example a dog site - “fido123456”...
I just think people (customers!) do not know (or care to find out) why passwords are weak, hence they always go for words, or birth dates.

I say bring on open ID… then once you loose that password you loose everything!

Ha, this made me immediately think about following userfriendly.org cartoon.

I hear you
http://upload.wikimedia.org/wikipedia/en/f/f3/Dilbert-20050910.png

N080dy c0u1d 3v3r gu355 my p455w0rd5!

Scruffy - 01 December 2008 03:45 PM

N080dy c0u1d 3v3r gu355 my p455w0rd5!

-... . -  -.——- ..-  -.-. .- -. .——. -  —. ..- . ... ...  —.. -. .  . .. - .... . .-.

Hmmm

Betn — —tucane — —et —euess —ineeither

You could get a job in seafaring.

Unfortunately the forum scrunched it all up though, dahs (dashes) got turned into longer dashes (don’t know what they’re called though - maybe daaaaaaaaaaaaaaaaaaaahs? )

em-dashes?

Yep probably And here’s me working as a designer and couldn’t remember the darned name of them

Wait. You mean “password” isn’t a good password?

Kevin McGehee - 01 December 2008 09:40 PM

Wait. You mean “password” isn’t a good password?

Nay, good security practices demand that you use password1 instead!