Thursday, May 24, 2007

Hacking Accounts, Part II

So I've updated Atlas Quest to reject the most common and easily guessed passwords. New members and those who try to change their password will be expected to think up some better passwords in the future. While it's unlikely nefarious people will try to hack into an Atlas Quest account, at least let's not make it too easy for them! So not only are the most common passwords no longer allowed, but neither are many variations of them.

This morning, thinking about easy-to-guess passwords, I thought of something that wasn't on the top 10 most common passwords from yesterday's post: the word letterboxing or some variant of it. Makes sense, don't you think? It was just my gut instinct, but I had a hunch I'd find more than a couple of accounts with that password. I was right.

letterboxing: 24
letterbox: 47
letterboxer: 1
letterboxes: 0
boxes: 1
boxing: 3

Running with this theme, what if someone thought about being even more specific? What if they used atlasquest as their password?

atlasquest: 9

What if someone wanted to get very clever and use ryancarpenter as a password?

Alas, nobody loves me that much. No passwords match ryancarpenter. ;o)

Still, I managed to crack open another 85 accounts today. So to add to my growing list of "too easy to guess" passwords, anything with the terms letterboxing or atlasquest or a variant of them will no longer be allowed. For those of you who already use it, you won't be forced to change, but it's highly recommended.

For kicks, I've started typing in random words that come to mind, just to see how easy it is to guess passwords. I've tried snake, yahoo, hotmail, facebook, geocities, google, firefox, intel, microsoft, takeahike, search, inkpad, logbook, keyboard, mouse, monitor, speaker, phone, cellphone, cordless, computer, laptop, camera, digital, stereo, turtle, flies, puppy, kitten, goldfish, finch, chick, and chicken.

These are complete guesses on my part, but I'm thinking that when people need to come up with a password, they'll use an object they can see around them (hence all the computer-related terms I tried, or the websites they might have visited before coming to AQ), or they'll use an animal (for some reason, I suspect a lot of people use animals as passwords). I was right on both counts, and among all those words I was able to crack open another twenty or so accounts. Not all of the words had success; two of the words cracked three passwords each. I'm not going to ban all of those words, though--it's not a complete list of computer accessories or animals, and there are probably others I haven't tried.

But animals and computer accessories or websites probably won't be very secure passwords.

Just some more food for thought. =)

6 comments:

Anonymous said...

Try:

opensesame
gimmeclues
gimmecluesnow
hunt, hunter, hunting

Anonymous said...

Let's see...between freecell and hacking into AQ accounts, it sounds like you have waaaaaaaaaaaay too much free time on your hands. Someone go break something on AQ! ;)

Ryan said...

Struck out on opensesame, gimmeclues, and gimmecluesnow. Hunt was never a possibility since passwords required at least five letters, but there were NINE people who have hunter as a password, and one more who used hunting!

That might be common enough to ban the use of "hunt" or a variant as a password. *nodding*

bayena foulsbane said...

aren't you supposed to be walking around town? getting involved in more movies? :P

Anonymous said...

How about anything to do with tupperware, loc n locks, stamping, logbook etc.
Or any of the above backwards?
I guess I have way too much time on my hands seeing as I am logging in and reading about what YOU do with your extra time. LOL

Keep up the good work, you goober you.
deniserows
*hhmm passwords...sdrowssap

dee expaddy said...

what about "nodding"?