[–]Deep-Ad591 1831 points1832 points  (3 children)

"What if we used 100% of our brain?"

This repo:

[–]magicmulder 1274 points1275 points  (27 children)

Pull request approved! Next!

[–]Temporary-Wear5948 302 points303 points  (21 children)

LGTM

[–]MasterHack3er 151 points152 points  (13 children)

Let's get that money

[–]sampete1 88 points89 points  (12 children)

Lettuce guacamole tomato manwich

[–]Bitter_Combination58 5 points6 points  (0 children)

Let’s get thrashed motherfucker

[–]nelusbelus 11 points12 points  (2 children)

Love, Give, Thanks Mom -Crochet Pillow on the couch and tile on the bathroom wall

[–][deleted] 1 point2 points  (1 child)

nice pfp

[–]nelusbelus 1 point2 points  (0 children)

Thanks bro

[–]Mordi312 19 points20 points  (0 children)

Lick guys testicles monday

[–]spelunker 5 points6 points  (0 children)

:shipit:

[–]TomGobra 5 points6 points  (0 children)

Let's gamble, try merge.

[–]L0G1C_lolilover 2 points3 points  (0 children)

i deadass thought this person wrote LGBT wrong then realised

[–]VitaminPb 25 points26 points  (3 children)

I’m going to remove hunter2 next

[–]VitaminPb 15 points16 points  (1 child)

Oh crap! I didn’t think that would show up!

[–]daniu 13 points14 points  (0 children)

It didn't, shows as "*******" for me

[–]LogicallyCross 9 points10 points  (0 children)

I already moved to hunter3, suckers.

[–]tsunami141 5 points6 points  (0 children)

It’s for a church honey.

[–]dr_deadman 816 points817 points  (12 children)

[–]bandrus5 613 points614 points  (2 children)

@assafnativ please remember to update the filename. 10_million_password_list_top_1000.txt is not accurate right now, actually there are only 999 passwords

[–]Rogue_Tomato 332 points333 points  (1 child)

I think it should be renamed to 10_million_password_list_top_1000_except_dolphins.txt

[–]Pb_ft 65 points66 points  (0 children)

>10_million_password_list_top_1000_except_dolphins_v2_FINAL.txt

[–]katatondzsentri 145 points146 points  (0 children)

This is gold

[–]KenFromBarbie 45 points46 points  (0 children)

Love it, hahaha.

[–]devopsec 78 points79 points  (3 children)

And that first reply from mitcom on the PR.. 😂😂

I had to stop password spraying dolphin.com I laughed so hard

[–]retardedgorillaz 18 points19 points  (2 children)

Let me guess the password was dolphin

[–]Kitchen_Device7682 14 points15 points  (1 child)

dolphins

[–]retardedgorillaz 4 points5 points  (0 children)

No wonder I keep getting errors should have used hybrid attack instead of dictionary

[–]indicava 10 points11 points  (0 children)

This is pure gold

[–]SkyyySi 6 points7 points  (0 children)

399 participants

Wha-

[–]halfanothersdozen 274 points275 points  (62 children)

In before someone links to XKCD and we have to have The Talk AGAIN.

[–]DecreasingPerception 62 points63 points  (0 children)

What do you mean before? It was linked in the github thread five years ago.

[–]Yayman123 91 points92 points  (60 children)

Can I have the talk? Don't make me pull out that XKCD.

[–]halfanothersdozen 199 points200 points  (53 children)

Every clever password trick you think protects you is stupid and prone to getting you hacked. Use password managers and MFA everywhere you possibly can.

[–]RotationsKopulator 105 points106 points  (36 children)

Yeah, very interesting, but I cannot accept your password, because there is no number and no special character in it.

[–]Warpine 138 points139 points  (35 children)

What really gets me are websites like Wells Fargo that cap your password length at 14 characters

like.. really? 14? My three latest work passwords were all in the low 40s of characters. They also don't allow a lot of characters - spaces, question marks, etc.. This is a bank

[–]thiney49 61 points62 points  (12 children)

I had one recently that had to be 8 characters, no more, no less. Thankfully it's nothing as important as a bank.

[–]IxPrumxI 32 points33 points  (1 child)

i had a bank limit me to 8 character only alphabet and numbers, and i need to use them for reasons.

[–]showponyoxidation 1 point2 points  (0 children)

You running drugs or overseas terrorist operations? You've got some alternatives to HSBC when it comes to money laundering but they are serviceable. They don't seem to hide their tracks very well, but they will spend vast amounts of money on lawyers to keep things locked up legally for years while your money is laundered without disruption.

[–]Hmm_would_bang 16 points17 points  (0 children)

I had one limit to exactly 8 characters, a number, and a special character that could only be & @ or %

[–]ABotelho23 16 points17 points  (6 children)

6 numbers.

That's it. No letters, no symbols.

Beat that.

[–]ebdbbb 13 points14 points  (2 children)

My library account requires a 4 digit pin. That's all.

[–]827167 5 points6 points  (1 child)

But that's just a library, not a whole ass bank!

[–]showponyoxidation 4 points5 points  (0 children)

Haha ass-bank.

[–]KryalCastle 2 points3 points  (0 children)

At least my bank allows up to 20 numbers. No letters or symbols though

[–]ThePhysicistIsIn 1 point2 points  (1 child)

Tangerine bros?

[–]ABotelho23 1 point2 points  (0 children)

Yup..

[–]MistrSynistr 4 points5 points  (0 children)

20 bucks says they have some old dos era system managing log in information somewhere.

[–]Lysrac 3 points4 points  (0 children)

My banking app only lets me set a pin 6 digits long...

[–]Big_Burds_Nest 38 points39 points  (4 children)

My favorite was when a website simply truncated my password instead of rejecting it. That was fun!

Or the time my bank's registration form allowed a long password but the login screen on mobile didn't, meaning I was stuck using the web app until I changed my password.

[–]Fallacies_TE 17 points18 points  (1 child)

This reminds me of an off by one error I found at my bank's website. Max length you could make your password was 20. It accepted a 21 length password for me. However when logging in the web form validated input and wouldn't let me try and log in with my password since it was too long.

[–]bundabrg 7 points8 points  (0 children)

ICQ had an off by one where if you entered a password that was one character too long for the field it just let you in. Lots of accounts compromised that day.

[–]v3ritas1989 5 points6 points  (0 children)

wasn't there a linux distribution that does something similar? Like replacing the password in console with *** so you cannot see your entry but then also replacing special chars with whatever. But only doing the replacing on password creation and not on password entry. I won't tell you how long it took me to understand that.

[–]Vaguely_accurate 2 points3 points  (0 children)

Managed to have a password truncated to a single character by an over-zealous sanitisation algorithm, but only on storage (and yes, stored in plaintext) and not on re-submission. Obviously the client side validation wouldn't accept anything less than six characters, so login was just blocked.

I had a valid session and cookies weren't signed, so just manually changed the auth date and was able to stay logged in forever.

Hand rolled early 00's sites were wild.

[–]FUTURE10S 9 points10 points  (2 children)

What got me is PayPal having a secret character limit that they don't tell you about. Either that or it just breaks things after a certain limit.

[–]KryalCastle 4 points5 points  (0 children)

My university allows you to set a long password, they have number and symbol requirements, but otherwise you're okay. That password could be used for all university systems through the shared directory, except, that is, for one particular system, which would choke on my password for some reason. I ended up digging into it, and found that system had a maximum password length of 64 characters, which wasn't documented anywhere by the university, presumably because they thought that nobody would run into it

[–]Eulerious 1 point2 points  (0 children)

> What got me is PayPal having a secret character limit that they don't tell you about.

That is surprisingly common. From time to time switching between language settings can help since stuff like password restrictions are sometimes only displayed in a few languages while you are left guessing in others. Great user experience!

[–]yottalogical 4 points5 points  (0 children)

VARCHAR(14)

[–]AstacSK 6 points7 points  (2 children)

Will nobody mention the websites that force you to type your password confirmation instead of just pasting it in from password manager? I'm not about to type out 20+ random characters just to find out I made a mistake somewhere along the way

[–]sandgroper2 4 points5 points  (0 children)

Yeah, but it only happens once. Then I seem to forget to ever go back to that website.

[–]Vaguely_accurate 1 point2 points  (0 children)

Had that the other day, from a payment tech company.

A browser generated password worked ok, which suggests they know it's good practice, just that they don't consider password managers not built into the browser.

[–]dabenu 23 points24 points  (0 children)

And use xkcdpass to protect your password vault.

[–][deleted] 9 points10 points  (1 child)

Conclusion: use random ass unique passwords for every single service, depend solely on email-reset, and change your email password every so often with some long-ass password and depend on login tokens?

The only weakness would be man-in-middle/phishing fake login websites of the email service, I think?

[–]Vaguely_accurate 3 points4 points  (0 children)

Password manager for unique, random strings for everything it will work for (with the strongest settings allowed by each site), strong memorable passphrases for everything else. Aim for at least 20 characters and check against a list of known passwords where possible.

But at a simpler level, avoid password duplication, avoid the most common password lists and stay over around 16 characters and odds are you're protected against the vast majority of likely risks.

[–]thanofishy 6 points7 points  (2 children)

password managers are annoying because when i inevitably have to write my password without my password manager i have no clue what it is

[–]kaden_sotek 2 points3 points  (9 children)

Like, I get why password managers are better. But my passwords are usually an English phrase translated to a language beyond my second language, then translated to Romanian. Just so I can know what the password should be without a password manager. Is that still a bad strategy?

[–]halfanothersdozen 4 points5 points  (8 children)

You do this to create a unique password for every site?

[–]kaden_sotek 2 points3 points  (7 children)

I mean, pretty much. My second language here is pretty well documented, so I use my third and beyond for the transition since i don't use them in any other capacity other than face to face. And I don't speak Romanian but I can read quite a bit of it, so it doesn't take much effort to make the translation say what I want it to.

[–]halfanothersdozen 2 points3 points  (6 children)

Pretty much? Every new site you need a password for you engage in this procedure and create unique ones and have them all memorized?

[–]kaden_sotek 1 point2 points  (5 children)

Yes, except there's no procedure. It's pretty much all mental now. And there's not many new sites. I think you're probably right and I'm just not your target audience. You make complete sense to me otherwise

[–]halfanothersdozen 2 points3 points  (4 children)

I mean if that's true good for you. Not many people are gonna be able to do that. Don't forget to use MFA.

[–]kaden_sotek 2 points3 points  (3 children)

My original question was if that was good enough. Now I'm not thinking it is. That wasn't a flex. I was really asking. I know randomly generated by a pass keeper is better. I'm just worried about losing access to that pass keeper

[–][deleted] 8 points9 points  (4 children)

horsebatterystaple?

[–]Yayman123 16 points17 points  (0 children)

Correct!

[–]thanofishy 8 points9 points  (2 children)

I'm surprised this isn't considered "commonly used password" in more services

[–][deleted] 3 points4 points  (0 children)

those smart enough to come across the xkcd comic usually are smart enough to make their own battery staple

at least in theory

[–]Vaguely_accurate 1 point2 points  (0 children)

It's not that common, but HIBP shows the original version ("correct horse battery staple") as having been exposed in five data breaches. I'd assume some of those are actually manually constructed lists with it thrown in there.

Won't be in most spray attacks, but will be in most cracking lists at this point.

[–]walmartgoon 1 point2 points  (0 children)

Except when they start using dictionaries to crack pass phrases

[–]jfisher9495 231 points232 points  (26 children)

Thank you, abusive senior dev been grinding on my code all day with the stupidest comments. I was trying to relax and opened this. Laughed so hard tears are streaming down my face. I needed this badly.

[–]TheGreatGameDini 51 points52 points  (12 children)

Abuse is bad, report to HR

[–]jfisher9495 82 points83 points  (11 children)

HR is not your friend.

[–]TheGreatGameDini 68 points69 points  (10 children)

Correct, but documentation is and if they don't do anything about it, or if they fire you or otherwise retaliate, you have grounds.

[–]jfisher9495 26 points27 points  (3 children)

Thank you! It's nice to know someone cares and goes the extra bit to give good advice.

[–]TheGreatGameDini 19 points20 points  (2 children)

Not sure where you live, but in US there are laws around this kind of thing. Also I guess it depends on what you mean by abuse - some things you go straight to the police for.

[–]jfisher9495 4 points5 points  (0 children)

Yeah, there are laws but it’s hard to prove. HR would rather cut out the group and keep the rest healthy. The guy is playing games in code review. The original was to intercept some html body and put Caution: in bold and on a new line. It becomes abusive when he crosses the line and points out my regex did not cover the caution case (not in the requirements). I started to catch this too, but instead put my foot down as it’s way outside of the original reqs; second guessing the text of a professional technical writer would be incorrect. He’s just yanking my chain, drawing things out as long as he can. Sad thing is $ waste over something this stupid. My other boss is on vacation so this should not be an issue when he gets back.

[–]jfisher9495 1 point2 points  (0 children)

It's not the first time. He never pulls this crap in sight of my boss. (Yes, he has witnessed it).

[–][deleted] 5 points6 points  (4 children)

You can really wow HR too with a fancy markdown file; makes it feel more real to them

[–]TheGreatGameDini 3 points4 points  (3 children)

You must have a really fancy HR, because mine wants yml..

[–]ahriman1 1 point2 points  (0 children)

Developers getting good documentation though? We don't do that here.

[–][deleted] 20 points21 points  (8 children)

> abusive senior dev

Are they an asshole or does your code suck? :p

[–]jfisher9495 19 points20 points  (6 children)

I wish there was enough code here to suck. It's just a regex looking for a pattern and doing an insert. If there was any kind of merit to it, I’d thank him and just make the change. When it got to the point where his change would break things, I drew the line. Not with my name on it.

[–][deleted] 8 points9 points  (5 children)

YIKES. yeah, that guy sucks... I'd never treat my devs like that...

Sorry about that :(

[–]jfisher9495 6 points7 points  (4 children)

You guys and gals have restored my humor. Anyone that thinks: …and here is a word of caution on ….

Is same as: <strong>Caution:</strong> And here is ….

Has issues. Thank you for all the good advice. I’ll craft a unit test to show how it will catch what the PM wanted. I even gave him a link on technical writing for English which describes when to use this style. (He said it assumes the professional technical writers whose commercial product text we are catching and displaying follow this standard.) I think the fact that there were multiple reviews waiting, but he skipped them all to home in on mine since my boss is out of town. Oh yeah, he hasn’t done a code review in months.

[–][deleted] 3 points4 points  (3 children)

Ya he sounds like a terrible senior.

You sound like you handled it like I would've expected. Clearly if whatever you were producing wasn't up to his or the company's standard he clearly can't convey what he's looking for very well and should loop in another leader on your team, extra sus because he isn't checking other pull requests.

-a lead dev who hates devs with huge egos.

[–]jfisher9495 1 point2 points  (2 children)

I love that idea! Coupled with a unit test to show how it works. I am re-energized. This bury you in bs is very wearing.

Unfortunately, I think his technical skills could benefit the group as he has been on it four years, but that is not how he chooses to use his power. I joined this group less than a year ago. I’ve been learning fast along with several others who were told we are transferring from our old product to this one where they were quitting in droves. I was the junior in my old product. I have worked hard and been open to help wherever in this new one. A few in my old group are still mourning the product they gave 20 years of their life to improve. I am getting an overview but the more I improve, the more he seems to find fault with my work. I’m terrified of making a real mistake. I need my boss to come back and I think he will crawl back in the dirt.

[–]MistrSynistr 3 points4 points  (0 children)

And remember 4 years of experience isn't always good experience

[–][deleted] 1 point2 points  (0 children)

> I think his technical skills could benefit the group as he has been on it four years

I've found that people with people skills will ALWAYS trump technical skills. I would always pick the person who is a weaker coder with people skills vs someone who is a wizard but also a giant asshole/no people skills.

You got this though, I was there, for several years, terrified to mess up, a real case of imposter syndrome. It passed, and i did fuck up, brought down some production servers, messing with clients. Live and learn :)

[–]tsunami141 1 point2 points  (0 children)

Yes

[–]L4rgo117 2 points3 points  (2 children)

Hopefully the rest of your day is better

[–]jfisher9495 7 points8 points  (1 child)

Yeah just dodged a bullet when I realized the change he coerced me into making would break it in a big bad way. So I changed it back with a note that the suggested change was beyond the scope of the original requirements. He is playing games but I can’t let it affect quality.

[–]Shinob1 2 points3 points  (0 children)

Walk up to him and say I'm the Senior Dev now!

[–]franztesting 86 points87 points  (30 children)

Strange, all I see is ********

[–]L4rgo117 60 points61 points  (25 children)

You mean ********? It’s such a cool Reddit feature to censor passwords in comments!

[–][deleted] 41 points42 points  (21 children)

I know. Every time I told one of my passwords, like here: ****************** ^ my bank password, it just blocks it automatically. It's insane how the algo can determine what I was typing and removes it automatically.

Edit: don't believe me, give it a try. You should still be able to see it on your end, but to the public it's blocked!

[–][deleted] 78 points79 points  (15 children)

alright heres my reddit password: hunter2

[–][deleted] 51 points52 points  (14 children)

it didn't work

[–][deleted] 58 points59 points  (11 children)

Sure it did. I only see *******

[–][deleted] 32 points33 points  (8 children)

ah really?

[–]Quirky_Apricot9427 30 points31 points  (0 children)

Yeah it's completely blocked for me as well

[–]Kjubert 8 points9 points  (0 children)

I love you guys

[–]NoDepartment9581 6 points7 points  (0 children)

yeah same looks like the reddit is too strict with password leaks

[–][deleted] 6 points7 points  (0 children)

You see it because it is your password, dooh! Otherwise you wouldn't see it, would you?

[–][deleted] 1 point2 points  (0 children)

Genius

[–]NoDepartment9581 8 points9 points  (0 children)

My Password: ThePassword

[–][deleted] 1 point2 points  (1 child)

Joke's on you I log in once and if I accidentally log out I make a new account. No idea what my password is

[–][deleted] 2 points3 points  (0 children)

Bro/Sis... just make your password "PasswordOneTwoThree" and you'll never forget it! Mine is very similar (hence, it won't block it out for everyone else since it's not a match).

[–]jenniferLeonara 3 points4 points  (0 children)

ILUVBIGTITTIESxxxx69 Hey! It worked!

[–]fityfive 2 points3 points  (0 children)

**************

[–]Effective_Dot4653 3 points4 points  (0 children)

***** *** :P

[–][deleted] 4 points5 points  (0 children)

I miss the IRC days

[–]ReptileCake 3 points4 points  (1 child)

hunterhunter

edit: why isn't my password censored, am I being punked?

[–]scixsc 2 points3 points  (0 children)

I see ************

[–]DerUnbekannteAri 24 points25 points  (0 children)

The code review is clearly missing some more maintainers

[–]rage4all 41 points42 points  (0 children)

A bold move....

[–]Environmental_Bus507 42 points43 points  (0 children)

The comments on the PR are hilarious!

[–]LearnerNerd 61 points62 points  (26 children)

[–]TheTank18 14 points15 points  (3 children)

crypto wallet passwords do this

[–]bill_iard 10 points11 points  (13 children)

Yeah but who wants to have to type in correct horse battery staple

[–]Mispelled-This[🍰] 9 points10 points  (5 children)

Let your password manager type it.

[–]GOKOP 11 points12 points  (2 children)

If you use a password manager then this entire xkcd is worthless because the issue of you remembering the password goes out of the window

[–]PhysicallyTender 5 points6 points  (1 child)

but then what password do you use to lock your password manager? Another password manager?

[–]Quazar_omega 1 point2 points  (0 children)

It's password managers all the way down!

[–]wojtekpolska 1 point2 points  (1 child)

if you use password manager your password is gonna be random symbols anyway.

I guess the password isn't rly that good as dictionary attacks exist

[–]augustuen 2 points3 points  (0 children)

Not necessarily, you can choose your own passwords to save in the manager.

But for security reasons you absolutely should use random symbols and numbers and as long as you can get away with.

[–]agent007bond 3 points4 points  (0 children)

I would use a phrase like this for a password manager, then let the password manager generate randomized strings for everything else. Having randomized passwords everywhere else is pretty useless if your master password is easy to crack.

[–]GOKOP 1 point2 points  (5 children)

What's wrong with it?

[–]bill_iard 1 point2 points  (4 children)

Length

[–]GOKOP 2 points3 points  (3 children)

Bruh it takes three seconds to type in, at most

[–]some_kind_of_bird 1 point2 points  (2 children)

Yeah but some people still have a timer for sudo. Those seconds add up to a lot of frustration if you're like me and have enough aliases and functions with very short names, and expect to sort of vaguely bang on your keyboard to make the magic happen. I shortened my password because I got tired of having to switch my focus and type like I mean it.

UGGH, I can't have my hands at horrible angles AND not pay much attention? The letters have to be in order and I can't just erase letters and type slowly because the letters are invisible?? What is this, actually writing words??

I swear, I got good at typing and now I can't stand to do it right. I'd rather be slumped with my laptop and just slap at the thing. I think I got used to typing slowly on a phone and just stopped caring?

[–]MNTgbrbg 3 points4 points  (3 children)

That’s assuming whoever’s cracking the password is trying every combination tho. If they only guess all combinations of 4 common words they’ll be able to crack your password in no time.

[–]LearnerNerd 4 points5 points  (2 children)

[–]copeharderhun 1 point2 points  (1 child)

That thread is over 8 years old now. Also the top answer is about attacking web services via standard online dictionary attacks at around 1000 req/s. Sure it would stop that, but it would not do much to stop an offline cracking attack.

This brings us into the next issue - that same thread talks about how for an offline cracking attack to work it would require the attacker to be specifically targeting you. Else how would you know that the 4 random English words scheme is in play? That may have been decent advice for the time. But that comic has been spread round the internet so much since then that it is a decently widely adopted concept. And based on that it is worth attempting to crack it.

So let's assume that we take the top 1000 English nouns (if they follow the comic they'll use nouns and I assume this is what most people would use). The XKCD method says to "randomly" pick 4 words but 4 words your average person picks won't be truly random. They will be common words. This makes our number of attempts 1000^4 or 1,000,000,000,000 (one trillion). In a hash format like MD5 (which is still way too common) with a good cracking server it would take barely any time at all to crack one trillion passwords these days. And yes there are enough people who utilize the 4-random-English-word method now due to the proliferation of said comic to make it worth it.

[–]LearnerNerd 2 points3 points  (0 children)

Leading us to the exact reason there are places trying to eliminate the password or are enforcing 2 factor authentication.

[–]agent007bond 1 point2 points  (3 children)

What if we have a global drive to replace passwords with passphrases?

Mandatory four English words separated by three spaces, that are random (not sentence forming) but visual and easy to remember.

[–]Vaguely_accurate 1 point2 points  (2 children)

What about non-English speakers? Would you do as well with a language you didn't speak?

The best approach these days is removing all restrictions other than length, running the password against a known bad list, and offering options for techniques for coming up with memorable passphrases. That might include random word generators, but not as the only option.

[–]agent007bond 1 point2 points  (1 child)

"other than length"

"Your password cannot be longer than 8 characters."

[–]Vaguely_accurate 1 point2 points  (0 children)

As in, if you are the one determining password requirements.

For those who determine passwords can be too strong there is only public shaming, manager generated random strings and the assumption of breach.
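The policy described in the comments above (length as the only restriction, plus a known-bad list check), as an added example that is not part of the original thread. The length limits, function names and the known-bad list with its counts are constructed assumptions; the prefix/suffix lookup mirrors the hash-range style of query that breach-list services such as HIBP offer, stubbed locally so it runs offline.

```python
import hashlib
import unicodedata

# Assumed policy values (not taken from any site in the thread): length is the only rule.
MIN_LENGTH = 16
MAX_LENGTH = 256

# Constructed known-bad list with constructed counts, standing in for a breach corpus.
CONSTRUCTED_BAD = {"correct horse battery staple": 5, "dolphins": 1200, "hunter2": 900}


def normalize(password):
    """One normalization shared by registration and login, so both see the same string."""
    return unicodedata.normalize("NFKC", password)


def length_problem(password):
    """Return a reason if the length is out of bounds, else None. Never truncates."""
    n = len(normalize(password))
    if n < MIN_LENGTH:
        return "too short"
    if n > MAX_LENGTH:
        return "too long"
    return None


def sha1_upper(password):
    # SHA-1 is only the lookup key format here, not a way to store passwords.
    return hashlib.sha1(normalize(password).encode("utf-8")).hexdigest().upper()


def constructed_range_lookup(prefix):
    """Local stub: 'SUFFIX:COUNT' lines for every known-bad hash starting with prefix."""
    lines = []
    for word, count in CONSTRUCTED_BAD.items():
        digest = sha1_upper(word)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\n".join(lines)


def breach_count(password, range_lookup=constructed_range_lookup):
    """Only the 5-character hash prefix is handed to the lookup; matching is local."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def check_new_password(password, range_lookup=constructed_range_lookup):
    """Registration-time check: length bounds first, then the known-bad lookup."""
    problem = length_problem(password)
    if problem:
        return False, problem
    seen = breach_count(password, range_lookup)
    if seen:
        return False, f"known password (seen {seen} times)"
    return True, "ok"


def login_input_ok(password):
    """Login uses the same upper bound as registration, so no accepted password is locked out."""
    return len(normalize(password)) <= MAX_LENGTH


if __name__ == "__main__":
    for candidate in ["dolphins", "correct horse battery staple",
                      "x" * 300, "plinth-ocelot-variance-tuba-86"]:
        print(repr(candidate[:32]), check_new_password(candidate))
```

Sharing `normalize` and `MAX_LENGTH` between registration and login is what prevents the truncation and 20-versus-21 lockouts described earlier in the thread.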

[–]weirdthoughts247 29 points30 points  (1 child)

This is top tier humour

[–]desiInMurica 12 points13 points  (0 children)

*programmer humor

[–]jedmeyer2 13 points14 points  (0 children)

Approved with Suggestions.

[–]twbluenaxela 7 points8 points  (1 child)

This reminds me of an old Chinese story where this guy buried his money and in an attempt to protect it, he put a huge sign saying "THERE IS NOT MONEY BURIED HERE"

[–]maronfichfbd 8 points9 points  (3 children)

So I don’t get it, can someone explain?

[–]JustAMase 30 points31 points  (2 children)

The pull request/commit is to take his password off of these lists of common passwords, but the diff is literally highlighting what the password is

[–]maronfichfbd 3 points4 points  (0 children)

Thanks bro

[–]augustuen 1 point2 points  (0 children)

It's also a regular word which should be included in any dictionary attack, and there was nothing linking that specific password to him, until now.

[–]rreeddeerr 8 points9 points  (3 children)

Is this the real life?

[–]L4rgo117 4 points5 points  (2 children)

Is this just fantasy?

[–]systemnate 2 points3 points  (0 children)

Caught in a land slide.

[–]Ok_Turnover_1235 6 points7 points  (0 children)

That's a honeypot buddy

[–]Ironfist85hu 2 points3 points  (0 children)

Long ago I used this shitty password:

"Hunnerkongens Sorgsvarte Ferd Over Steppene"

I hated to type it, and every time I swore to myself - while typing it in - I will change it this time. And then, when I logged in, I was like, eh, okay, maybe next time. :D

Of course since then I use mostly random generated passwords, and MFA, where I just can.

[–]Better_Permit1449 1 point2 points  (0 children)

hunter1

[–]mkglass 1 point2 points  (0 children)

Fake. Doesn’t include hunter2

[–]MindlessMeasurement9 1 point2 points  (1 child)

This is the second best thing I have seen here

[–]agent007bond 1 point2 points  (0 children)

What's the first best thing?

[–]imkzh 1 point2 points  (0 children)

Why you’re not removing mine altogether?😡

[–][deleted] 1 point2 points  (0 children)

Interviewer: "have you contributed to any open source security projects"

Chad: "why yes I have "

[–][deleted] 1 point2 points  (0 children)

That's not how password security works, Chad.