Comments
'Starwars' Debuts on List of Worst Passwords of 2017
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/5/2018 | 12:05:58 PM
Re: My recommendation
True enough about hobbies in general.  The vocabulatory and usage combinatoins is what does count.  You can like history enough to choose a segment of it as a small dictionery reference tool, i.e. words and numbers used in combination plus odd characters.  Ok, easy enough - but the combinations are what DOES matter.  And those can be astronomical indeed.  I have about 10 password combos in use at any one time --- but they are composed of words-numbers-char that are very difficult to crack unless you know my base logic which I am not spekaing of here for obvious reasons. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/23/2017 | 5:51:26 PM
Re: My recommendation
@REISEN: Eh. Hobbies aren't necessarily *that* unique. People who pay any attention to me on social, for example, have an idea of the kind of stuff I'm into.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/23/2017 | 5:50:22 PM
Re: Password Complexity Policy
@Ryan: Yeah, but what's even worse are IT-enforced security questions where you can only choose from a very short list of questions to which the answers are easily found or guessed.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/23/2017 | 5:49:23 PM
Re: My recommendation
@RyanSepe: Unless your hobbies *are* Star Wars-related...

The problem with using hobbies as the basis of passwords is that, often, hobbies are at least somewhat public in this day and age.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
12/19/2017 | 10:30:43 AM
Re: Bill Murray
...pretty sure he used the tune from "The Love Boat."
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
12/19/2017 | 10:22:44 AM
Bill Murray
For some strange reason, I keep hearing Bill Murray's lounge lizard sketch on SNL, where he crooned that silly "Star Wars" song.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
12/19/2017 | 9:43:40 AM
Re: My recommendation
Precisely - hobbies are UNIQUE and we all REMEMBER them very well.  You can use an abundance of tech terms whether history or just simple knitting and bunch together with any special character and there is a solid password without revealing ANY family details to give it away.  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/19/2017 | 9:38:29 AM
Re: My recommendation
It is a matter of retention and complexity. Ships work for you and the same can be said for others. Mold your hobbies into a passphrase is a much better practice than 'starwars'.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/19/2017 | 9:36:53 AM
Password Complexity Policy
For every single password in this list, it is abundantly transparent for why enforcing password complexity is paramount. Left to ones own devices many would create a password that could be cracked in a matter of seconds.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
12/19/2017 | 9:00:35 AM
My recommendation
Users like passwords that are easy to remember - and this list certainly qualifies for dumb and dumber.  So for my 2 cents, everyone has a HOBBY - something unique to us that WE know and enjoy.  For me it is history and ships and there are any number of unique combinations I can mold data INTO to make a secure password and I WILL NEVER FORGET IT.  Easy. 


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.