Ars Technica talked three password crackers into doing their worst to a leaked database of 16,000 passwords, to see what they could learn.
They learned a lot, and we can learn a lot from their experience as well. “qeadzcwrsfxv1331” isn’t a good password. Neither is “Philippians4:13.” Neither is “correcthorsebatterystaple.” Neither is “Qbesancon321” or “Qbe$@ncon321.” Password guessing has too much intelligence built into it now.
And not only that, by continuing to use the password “popcorn,” you make it easier for those guys to guess other passwords too. Read more
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.