#bottom10 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #bottom10, aggregated by home.social.

  1. It's time to update the list of the 10 worst #passwords of the year. Which passwords are so bad that you can expect them to be compromised within minutes?

    Here are the #bottom10, the 10 passwords with the most login attempts on our honeypots in 2023:

    - 123456
    - root
    - admin
    - 1234
    - password
    - 123
    - 12345
    - 12345678
    - 1
    - test

    There are two newcomers to this list that didn't make the bottom 10 last year: "12345678" and "test".

    Again, it is surprising how obviously bad these passwords are. Only two of them have the minimum length of 8 characters that is usually required, and are therefore unlikely to be used on any real system. But further down the list are passwords like "P@ssw0rd" or "1qaz@WSX" that could be used. None of these passwords will last a day if used on a service that is exposed to attacks from the Internet (such as SSH).

    For a more comprehensive list of the 1000 all-time worst passwords, check out: github.com/lutrasecurity/bad-p
    For the bottom 10 of 2022, see: infosec.exchange/@lutrasecurit