The other night I was browsing the internet and came across the Have I Been Pwned website. It is a popular service to, well, know if you’ve been “Pwned” or in other words hacked. And I was.
That made me quite sad and I started thinking about all the ways bad guys can use my data. Then I read that there were some other 622 million unique email addresses in this particular hack. The number appeased me a bit. And then I thought about passwords.
I thought about the existential meaning of it. There is a big internet that runs on underwater cables. And there we are, mortals, that use it for our personal needs. And there are millions of rooms to enter. To enter using a password.
In the olden days, passwords were used by spies, lovers, soldiers but the usage was different. Now it’s all about us: a password has become the most personal and precious of all things on the web. It’s our shield, our ticket, our identity after all. And hacking the password means hacking our own personality, the worst kind of cybercrime.
With these thoughts running through my head at 3am I went to Pastebin and searched for a leaked password database. Yes, I was curious what people use as a password. The leaked database in question was no secret. It was the 2012 LinkedIn hack. I browsed through this, this and this paste. Probably, they were not verified. But I couldn’t imagine a hacker who would invent passwords like “w0lfgang” (with a zero instead of o) out of the blue.
I knew that it was bad to browse through other people’s passwords. Even if they were leaked 8 years ago. Even if I didn’t download the full database and just peeked at the samples provided by some Pastebin hacker. But I couldn’t help it. I needed to know how my password compares to the others. And it was a depressing experience.
So I offer you an improvised list of the best (aka worst) passwords in this hack. Don’t get me wrong, I don’t want to make fun of the people who got hacked (don’t forget that I was pwned too). I want this list to be a cautionary tale for those who still use “bigdaddy” or “qwerty123” or “maga2020!” (alright, this one has “!” so it’s already something). “Don’t play with fire, use a strong password” is the takeaway I want people to have after reading this improvised list.
Ok, here it is.
What’s your password? “password”. Ok. Just plain sad.
You can do better, aclcarter. Something like “passwordS” or “12345678”.
Delicious but still vulnerable. I bet it’s a very pleasant password though. Every time you enter LinkedIn you’re thinking about a chococookie. What a life.
Now that’s a sentimental one. And I feel kinda bad even for looking at it. Because perhaps there is a personal story behind the word “sunshine”. Maybe it’s connected to a wife, it is her nickname. Or it was someone’s nickname and now it bears a powerful meaning. Or maybe it’s the word that was used by a girl this person had a first kiss with. Or not a kiss but something more serious. We don’t know, okay. What we know though is that “sunshine” is not the best password when it comes to LinkedIn.
I see whatcha doing there, Toby. Banana with an extra “n”. That’s smart. Or maybe it’s just the way this person thinks banana is spelled. Either way it sucks. Because hackers would go bananas knowing how easy it is to hack this one.
I wonder what on earth can make you use plural “upgrades” for a password. But some people do it. I would have never guessed this one to be honest.
Although all we need is lovelove, we don’t need it as a password for sure.
You get what you deserve.
It’s about the animal, right?
Just how sweet is that.
I think it’s time to stop. Maybe one day I will write a book about the bad and weak passwords but I think the aforementioned entries are enough to prove the point. And yes, I have to do this, my PSA to you:
See you on Twitter.