💾 Archived View for spam.works › mirrors › textfiles › computers › password.txt captured on 2023-06-14 at 16:04:26.

-=-=-=-=-=-=-

VERY good advice about your password.
Originally sent on STaTus BBS, and reprinted here by permission of the author.

Message : 9359 [Open]  3-31-91  9:40am
From    : Murray Moffatt
To      : Jon Clarke (x)
Subject : #9344 hi
Sig(s)  : 1 (General)

Speaking of passwords, I think it's probably a good idea that someone
should advise our new (and not so new) users on the art of picking
passwords. Anybody volunteer? Speak now or forever hold your peace? No?
Ok, I'll take it on myself to do this.
 
Your password is the only thing that stands between you and some nasty
hacker-type person. Your username is common knowledge to everybody that
uses the system, so you must keep your password secret. This means not
telling people, or lending it to people, or writing it down and sticking
it to your screen, or anything like that.
 
It also means that you must choose your password carefully. Recent
experiments have shown that 25% of people choose passwords that can
easily be hacked. The method that is most often used to hack a password is
called the 'dictionary hack'. The hacker gets a dictionary and goes
through it trying each word as the password. Of course he doesn't do this
by hand, he writes a little prog to do it, and the dictionary is a file of
words. So, if you use a word that is found in the dictionary, you'll be
found out. Just stop for a second and think if any of your passwords are
words that are found in the dictionary?
 
So, how do you combat this? Simple, don't choose words from the
dictionary!  But at the same time it's not a good idea to use dates,
number plates, phone numbers, etc. The best ways are to make up words.
Simply string two or more words together to form a new word. For example,
BLADE and RUNNER may be in the dictionary, but I'll bet that BLADERUNNER
or BLADE-RUNNER or BLADE.RUNNER isn't!  You can also use the initial
letters from words of a phrase. For example, Three Blind Mice Ran Up The
Clock would translate to a password of TBMRUTC. Looks like a nonsense
word, doesn't it? But it means something to you, you just have to remember
the phrase.
 
Also, remember not to use the same password on different systems. I know
that this is a hard thing not to do, but try to have different passwords
on each board you use. And change the passwords regularly. Where I work
all the passwords expire after 30 days, and you're forced to enter a new
one. Some systems, like IBM systems, remember the last 5 or so passwords
that you've used, and won't let you re-use them. They also force you to
have at least one digit in the password and other things as well.
 
Oh, and one last thing. There are a whole lot of commonly used passwords.
These passwords are used so often by people, that the hacker will always
try these first.
 
Here's a list that I grabbed off Usenet that someone posted of the most
commonly used passwords:
 
alt/security/ 369
From: jsax@cdp.UUCP
Subject: Re: OVERUSED PASSWORDS
Date: 9 Jan 91 05:08:00 GMT
Nf-ID: #R:cdp:1159900002:cdp:1159900003:000:6649
Nf-From: cdp.UUCP!jsax    Jan  8 21:08:00 1991
 
                               Taken from
              'A Novice's Guide to Hacking- 1989 Edition'
                                   by
                            The Mentor LOD/H
 
                              Password List
                              =============
 
      aaa                daniel             jester             rascal
      academia           danny              johnny             really
      ada                dave               joseph             rebecca
      adrian             deb                joshua             remote
      aerobics           debbie             judith             rick
      airplane           deborah            juggle             reagan
      albany             december           julia              robot
      albatross          desperate          kathleen           robotics
      albert             develop            kermit             rolex
      alex               diet               kernel             ronald
      alexander          digital            knight             rosebud
      algebra            discovery          lambda             rosemary
      alias              disney             larry              roses
      alpha              dog                lazarus            ruben
      alphabet           drought            lee                rules
      ama                duncan             leroy              ruth
      amy                easy               lewis              sal
      analog             eatme              light              saxon
      anchor             edges              lisa               scheme
      andy               edwin              louis              scott
      andrea             egghead            lynne              scotty
      animal             eileen             mac                secret
      answer             einstein           macintosh          sensor
      anything           elephant           mack               serenity
      arrow              elizabeth          maggot             sex
      arthur             ellen              magic              shark
      asshole            emerald            malcolm            sharon
      athena             engine             mark               shit
      atmosphere         engineer           markus             shiva
      bacchus            enterprise         marty              shuttle
      badass             enzyme             marvin             simon
      bailey             euclid             master             simple
      banana             evelyn             maurice            singer
      bandit             extension          merlin             single
      banks              fairway            mets               smile
      bass               felicia            michael            smiles
      batman             fender             michelle           smooch
      beauty             fermat             mike               smother
      beaver             finite             minimum            snatch
      beethoven          flower             minsky             snoopy
      beloved            foolproof          mogul              soap
      benz               football           moose              socrates
      beowulf            format             mozart             spit
      berkeley           forsythe           nancy              spring
      berlin             fourier            napoleon           subway
      beta               fred               network            success
      beverly            friend             newton             summer
      bob                frighten           next               super
      brenda             fun                olivia             support
      brian              gabriel            oracle             surfer
      bridget            garfield           orca               suzanne
      broadway           gauss              orwell             tangerine
      bumbling           george             osiris             tape
      cardinal           gertrude           outlaw             target
      carmen             gibson             oxford             taylor
      carolina           ginger             pacific            telephone
      caroline           gnu                painless           temptation
      castle             golf               pam                tiger
      cat                golfer             paper              toggle
      celtics            gorgeous           password           tomato
      change             graham             pat                toyota
      charles            gryphon            patricia           trivial
      charming           guest              penguin            unhappy
      charon             guitar             pete               unicorn
      chester            hacker             peter              unknown
      cigar              harmony            philip             urchin
      classic            harold             phoenix            utility
      coffee             harvey             pierre             vicky
      coke               heinlein           pizza              virginia
      collins            hello              plover             warren
      comrade            help               polynomial         water
      computer           herbert            praise             weenie
      condo              honey              prelude            whatnot
      condom             horse              prince             whitney
      cookie             imperial           protect            will
      cooper             include            pumpkin            william
      create             ingres             puppet             willie
      creation           innocuous          rabbit             winston
      creator            irishman           rachmaninoff       wizard
      cretin             isis               rainbow            wombat
      daemon             japan              raindrop           yosemite
      dancer             jessica            random             zap
 
----snip-----snip-----------
 
     The Internet Worm used a lot of the above passwords in its first
password pass.  After that it just used the dictionary, etc.
 
     It'd really be worth it to check this list when people change
passwords.  That plus 1-2 month password expire is good security.
 
     It's amazing how many people use SECRET or MODEM for their
password.  Not to mention using their first name..
 
 
Jon                                        "God hates me."
         vector0!jon@sactoh0.SAC.CA.US     "Hate 'im back, works for me."
   ...ames!pacbell!sactoh0!vector0!jon
 
 
alt/security/ 372
From: shipley@remarque.berkeley.edu (Pete Shipley)
Subject: Re: OVERUSED PASSWORDS
Date: 10 Jan 91 01:58:06 GMT
Organization: Processed People for a Processed America
 
In article <1159900002@cdp> jsax@cdp.UUCP writes:
>
>I received this from a respondent to my article on alt.security
>recently.  Is your password on the list?  (Tell me! Tell me!)
>
>   These are passwords that were used by the Internet worm, and
>are included in COPS.
>
>
>aaa
 
A person would be crazy to admit their password is on that list,
because you will be able to crack that person's account in less than two
minutes using telnet.
 
Note that list is used by everyone, it is effective on non-educated
users but since every password checker written in the last five years
has this list (or the list the internet worm was built from) it is not
as useful as it once was for password cracking. I suggest acquiring a
list of female names, I have had the most success with those lists.
 
My 8mm tape collection used a list of common last names, female names,
male names, the worm list, /usr/dict/words (from SunOS 4.1) and the
word list from Webster's 7th Collegiate Dictionary, plus a list I put
together (contains default password some OS's come with).
 
              -Pete
 
Pete Shipley: 
email: shipley@berkeley.edu           Flames:
cimarron@postgres.berkeley.edu 
       uunet!lurnix!shipley or ucbvax!shipley or apple!nli!{root,shipley}
Spelling corections: /dev/null          Quote: "Anger is an energy"
 
 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
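
The messages above suggest checking the common-password list when people change passwords, and mention systems that require a digit and remember the last 5 passwords. The sketch below is an added example, not part of the original messages, showing such a change-time check. The function names and the tiny sample word sets are constructed for illustration, and stripping trailing digits before the lookup goes slightly beyond what the text describes.

```python
import hashlib
import hmac
import os

# Constructed samples: a few entries from the list quoted above. A real
# deployment would load the full list plus a dictionary file.
COMMON = {"secret", "password", "wizard", "guest", "hello", "batman"}
DICTIONARY = {"blade", "runner", "modem", "clock"}
HISTORY_DEPTH = 5  # "remember the last 5 or so passwords"

def _digest(password, salt):
    # Store only salted, stretched hashes of old passwords, never the text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password):
    """Append a salted hash and keep only the last HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]

def check_new_password(password, username, first_name, history):
    """Return the reasons to reject; an empty list means accepted."""
    reasons = []
    folded = password.casefold()
    # Assumption beyond the text: strip trailing digits so that a listed
    # word with a number tacked on ("secret1") is still caught.
    stem = folded.rstrip("0123456789")
    if folded in COMMON or stem in COMMON:
        reasons.append("on common-password list")
    if folded in DICTIONARY or stem in DICTIONARY:
        reasons.append("dictionary word")
    if folded in {username.casefold(), first_name.casefold()}:
        reasons.append("matches user name")
    if not any(c.isdigit() for c in password):
        reasons.append("no digit")
    if any(hmac.compare_digest(_digest(password, s), h) for s, h in history):
        reasons.append("recently used")
    return reasons
```
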