Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 17 Dec 2012 18:54:17 -0700
From: Stephen John Smoogen <>
Subject: Re: interesting password cracking discovery

On 17 December 2012 14:00, Jerry <> wrote:
> We've all see numerous security announcements, etc, about people using
> bad passwords, including using password, spouse or child's name, etc.
> I was recently running john against an old password file from back in
> the 1995-1996 time period.  John has been running on the file for
> awhile, and I just had a large group of password matches.
> For what ever reason, a large group of people decided to use their home
> phone number as a password.  Specifically, if a person had a phone
> number of (123) 456-7890 , the had used 4567890 or 456-7890 as their
> password.
> Password security, at least for many, has progressed a great deal since
> the 90's, and I have seen all types of bad password security articles, I
> just don't recall seeing people use phone numbers as passwords.
> I am curious if others have observed similar occurrences, or if this is
> unique.

People use phone numbers quite a bit still. I found that xxx-xxxx very
very useful at various sites. The other ones that are useful are
xxx-xx-xxxx and xxx-xx-xxxx . After that taking words and adding some
numbers at the front and "Str", "Ave", "Rd" etc at the end is also
fairly common. It is one of those things that people will use what
they can remember the easiest.. so the person's address growing up
will get used as much as their phone number.

> Jerry

Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.