this post was submitted on 17 Nov 2023
247 points (96.6% liked)

Technology

57472 readers
3606 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
247
The worst passwords of 2023 are also the most common, "123456" comes in first (www.techspot.com)
submitted 9 months ago by [email protected] to c/[email protected]
54 comments fedilink hide all child comments
 

The worst passwords of 2023 are also the most common, "123456" comes in first::undefined

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 9 months ago (2 children)

I think most of these are for accounts where people don't care if they are hacked or not.

Regardless, this should not be on the individual. The issue is with the website that allows those types of passwords to begin with. There are sites that don't allow special characters at all. Stupid.

[–] [email protected] 13 points 9 months ago* (last edited 9 months ago) (1 children)

The most infuriating thing is websites that actually limit secure passwords (e.g. "password must be between 6 and 12 characters"). Preventing longer passwords makes little sense if they're salting and hashing; and if they're storing the passwords in plain text (which is just about the only reason to limit the max length to anything less than what a person would reasonably remember), that's even worse.

[–] ricecake 8 points 9 months ago (1 children)

There was a belief, before the advent of ubiquitous password managers, that allowing passwords to be "too long" would result in people forgetting their password more often, entering it wrong, or some combination which would increase reset requests and ultimately cause people to use worse passwords. Basically "you can't remember a 54 character random password, and you're gonna get pissed and switch to a six character predictable word".

This is now obviously a terrible line of reasoning, but it was only middling bad at the time.

[–] [email protected] 4 points 9 months ago (1 children)

Oh, i guess that makes some sort of sense - obviously I disagree with the conclusion, but I understand it - but it's beyond frustrating when you think "maybe I'll pay this bill online" and see that limit. And even if that is the reasoning for the limit, if they haven't updated their requirements in all that time, I have little faith that they're storing my sensitive information securely.

[–] [email protected] 2 points 9 months ago

I feel like most of the sites I’ve seen password limits like this on are financial in nature, where it’s all theatrics - the appearance of security takes precedence over (and in some cases comes at the expense of) actual security.

[–] [email protected] 4 points 9 months ago

Exactly, I'm not using a real password for a site I don't care about where I have nothing to protect.

I'm using something simple that I can type with one hand.

Something important however? Good luck figuring that out.