More Top Worst Passwords

Back when I wrote Perfect Passwords, I generated a list of the top 500 worst (aka most common) passwords which seems to have propagated quite a bit across the internet, including being mentioned on Gizmodo, Boing Boing, Symantec, Laughing Squid and many other sites. Since then I have collected a large number of new passwords […]

The Worst Password Tips

Because I have always been so fascinated with passwords, I always like to hear different tips people have for creating strong passwords. However, I have to admit that most of the tips I run across are actually kind of lame and really are not very secure. Unfortunately, some of these tips are quite popular […]

Worst Password Policy Ever?

I have seen many silly and overly complex password policies over the years, but I think that the TSA’s TWIC password policy has to be the worst I have ever seen. Their password policy is as follows: Minimum password length is eight characters. Passwords must contain at least one of each of the following: one […]

How I Collect Passwords

Some of you out there know that I have been collecting passwords for quite some time. Since 1998 to be exact. Originally I did it just to have big wordlists for password cracking, then I started gathering them for research on my Perfect Passwords book, finally it became like a big ball of string where […]

Another Strange Password Policy

It still amazes me that after all the education over the years that there are still so many poor password policies out there. Anyone who has ever filled out a web form likely has run into these overly complex and frustrating password policies. But sometimes a password policy is an indication of a bigger problem. […]

Ars Technica Says Don’t Punish the Users

I was reading this Ars Technica article that talks about how some are angered by LulzSec releasing a sample of their Sony passwords. They quoted one Twitter user who basically told them to not punish the users for Sony’s sake. But here’s the problem with that argument: those one million accounts have already been […]