On Passwords And Password Security "...And someone said Fair Warning Lord will strike that poor boy down, Turned from hunted into hunter Went to hunt somebody down..." To all computer users everywhere: The following is quoted from: _Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other Threats to Your System (What They Are, How They Work, And How to Defend Your PC, Mac, or Mainframe)_, by John McAfee, Chairman, Computer Virus Industry Association, St. Martin's Press, New York, 1989, pp 89-91. "Imbedded within the InterNet virus was the following list of commonly used passwords. The passwords enabled the virus to open user files on infected systems and find out the addresses for new hosts to infect. It is a very significant list of words; glance through it to see if you can discern why. AAA ACADEMIA AEROBICS AIRPLANE ALBANY ALBATROSS ALBERT ALEX ALEXANDER ALGEBRA ALIASES ALPHABET AMA AMORPHOUS ANALOG ANCHOR ANDROMACHE ANIMALS ANSWER ANTHROPOGENIC ANVILS ANYTHING ARIA ARIADNE ARROW ARTHUR ATHENA ATMOSPHERE AZTECS AZURE BACCHUS BAILEY BANANA BANANAS BANDIT BANKS BARBER BARITONE BASS BASSOON BATMAN BEATER BEAUTY BEETHOVEN BELOVED BENZ BEOWULF BERKELEY BERLINER BERYL BEVERLY BICAMERAL BOB BRENDA BRIAN BRIDGET BROADWAY BUMBLING BURGESS CAMPANILE CANTOR CARDINAL CARMEN CAROLINA CAROLINE CASCADES CASTLE CAT CAYUGA CELTICS CERULEAN CHANGE CHARLES CHARMING CHARON CHESTER CIGAR CORNELIUS COUSCOUS CREATION CREOSOTE CRETIN DAEMON DANCER DANIEL DANNY DAVE DECEMBER DEFOE DELUGE DESPERATE DEVELOP DIETER DIGITAL DISCOVERY DISNEY DOG DROUGHT DUNCAN EAGER EASIER EDGES EDINBURGH EDWIN EDWINA EGGHEAD EIDERDOWN EILEEN EINSTEIN ELEPHANT ELIZABETH ELLEN EMERALD ENGINE ENGINEER ENTERPRISE ENZYME ERSATZ ESTABLISH ESTATE EUCLID EVELYN EXTENSION FAIRWAY FELICIA FENDER FERMAT FIDELITY FINITE FISHERS FLAKES FLOAT FLOWER FLOWERS FOOLPROOF FOOTBALL FORESIGHT FORMAT FORSYTHE FOURIER FRED FRIEND FRIGHTEN FUN FUNGIBLE GABRIEL GARDNER GARFIELD GAUSS GEORGE GERTRUDE GINGER GLACIER GNU GUNTIS HACKER HAMLET HANDILY HAPPENING HARMONY HAROLD HARVEY HEBRIDES HEINLEIN HELLO HELP HERBERT HIAWATHA HIBERNIA HONEY HORSE HORUS HUTCHINS IMBROGLIO IMPERIAL INCLUDE INGRES INGRESS INNA INNOCUOUS IRISHMAN ISIS JAPAN JESSICA JESTER JIXIAN JOHNNY JOSEPH JOSHUA JUDITH JUGGLE JULIA KATHLEEN KERMIT KERNEL KIRKLAND KNIGHT LADLE LAMBDA LAMINATION LARKIN LARRY LAZARUS LEBESGUE LEE LELAND LEROY LEWIS LIGHT LISA LOUIS LYNNE MACINTOSH MACK MAGGOT MAGIC MALCOLM MARK MARKUS MARTY MARVIN MASTER MAURICE MELLON MERLIN METS MICHAEL MICHELLE MIKE MINIMUM MINSKY MOGULS NOXIOUS NUTRITION NYQUIST OCEANOGRAPHY OCELOT OLIVETTI OLIVIA ORACLE ORCA ORWELL OSIRIS OUTLAW OXFORD PACIFIC PAINLESS PAKISTAN PAM PAPERS PASSWORD PATRICIA PENGUIN PEORIA PERCOLATE PERSIMMON PERSONA PETE PETER PHILIP PHOENIX PIERRE PIZZA PLOVER PLYMOUTH POLYNOMIAL PONDERING PORK POSTER PRAISE PRECIOUS PRELUDE PRINCE PRINCETON PROTECT PROTOZOA PUMPKIN PUNEET PUPPET RABBIT RACHMANINOFF RAINBOW RAINDROP RALEIGH RANDOM RASCAL REALLY REBECCA REMOTE RICK RIPPLE ROBOTICS ROCHESTER ROLEX ROMANO RONALD ROSEBUD ROSEMARY ROSES RUBEN RULES RUTH SAL SAXON SCAMPER SCHEME SCOTT SCOTTY SECRET SIMON SIMPLE SINGER SINGLE SMILE SMILES SMOOCH SMOTHER SNATCH SNOOPY SOAP SOCRATES SOSSINA SPARROWS SPIT SPRING SPRINGER SQUIRES STRANGLE STRATFORD STUTTGART SUBWAY SUCCESS SUMMER SUPER SUPERSTAGE SUPPORT SUPPORTED SURFER SUZANNE SWEARER SYMMETRY TANGERINE TAPE TARGET TARRAGON TAYLOR TELEPHONE TEMPTATION THAILAND TIGER TOGGLE TOMATO TOPOGRAPHY TORTOISE TOYOTA TRAILS TRIVIAL TROMBONE TUBAS TUTTLE UMESH UNHAPPY UNICORN UNKNOWN URCHIN UTILITY VASANT VERTIGO VICKY VILLAGE VIRGINIA WARREN WATER WEENIE WHATNOT WHITING WHITNEY WILL WILLIAM WILLIAMSBURG WILLIE WINSTON WISCONSIN WIZARD WOMBAT Statistical analysis of password usage shows that over 90 percent of all large computer systems have at least one user who has chosen one of the above words as his or her password. As a hacker needs only one password to gain access into most systems, this list is the equivalent of a very efficient skeleton key that opens many electronic locks." * * * * * * * * * * Look, users, this is a warning to you. THIS LIST SHOULD BE A MATTER OF PUBLIC RECORD ON EVERY BBS. The computer criminals already know about this; it is the users who are in the dark. If you use a password on this list, change it. If you think an uncommon term like 'lebesgue' or 'fungible' won't be guessed, guess again. Don't let this list lull you into a false sense of security because the passwords you use aren't on it; this list is not the last word on illegal computer entry, indeed it is merely the first. Change your password frequently! (Sysops are in a far better position than anyone to warn users about password security. Sysops who know of users who have used any of these words for passwords may want to give those users a warning. This text file can be downloaded from this BBS.) Now for an opinion: Passwords are about the weakest form of security I can imagine. Passwords can be stolen, programs have been written to crack any simple short alphanumeric string. The above list is only an example of how easy it is to use a computer to break and enter another computer. There are more. My point is, is that there must be a better way. I don't have the answer to what that way might be, but it's time for somebody to think of something. This password thing isn't working. Jason Mack (which is on the list) 6/29/91 --- Rev History: Final Draft 1991-06-29 Slight edit for tone and style 2007-03-27