This week was not a good one for "cloud security". No less than three major web sites had their password databases stolen, with LinkedIn as one of the biggest hits. Since they did not "salt" their password hashes, there is now a trove of easily crackable password hashes for everybody to go through.
Not exactly my cup of tea, but what I found interesting was this tool which lets you check whether a passwords was included on the list of 6.5 million. Now, I wouldn't advice anybody to type their real password in there, no matter how much that web sites claims they are the "good guys". However, it's fun to see what other "clever" passwords people come up with. Here's some of the ones I've found (minimum length at LinkedIn was 6 characters).
The obvious: password, 123456, qwerty
The keyboard layout: qazwsx, zse4xdr5, 0987654321, mnbvcxz.
Well, virtually every "clever" layout combination I can come up with. Including "super clever" ones like: zse456, 890okm, !QAZ"WSX.
The names: harry1, harry2, harry3, harry4, harry5, harry6, harry7, harry8, harry25, harry26, anna25, john30.
The famous: rambo1, gaga12, posh10, clinton, billgates, hilton
The pets: puppy1, puppy2, bonzo1, pluto1.
The cities: london, newyork, berlin, oslo11, tokyo1, zurich
The obscene: Actually, I'd rather not have my blog black-listed by iterating them here. You go ahead and try yourself. There's many of them. If the word doesn't make up six letters, append 1 or 10.
Ok, that's enough fun for now. I'm thinking this would make a great game! A twist on the old hang-man. Or maybe more time-based: Guess 10 LinkedIn passwords in 20 seconds. Well, looking at the examples above, that's possibly too easy.