If you used any of these passwords for, well, anything, please deposit your user’s license.

It’s a little late for best/worst of 2012 lists, but no one ever said I stuck to a schedule. Besides, this one amuses particularly because, well, server admin. So it’s kind of a big deal, if you get me. And also it beats the royal hell out of an entry wherein Amazon tries screwing folks over twice just for fun, which is probably nothing new by this stage. Of course that could also mean I’ll have nothing to write about in a day or two and get back to that one, but hey you’ll have that. As for now, you’ll have the worst passwords of 2012.

Like one of the commenters to that article, I’m very glad–and yeah, okay, a little surprised–that “admin” isn’t on that list. Personally “master” is almost as bad, but considering how many people almost never actually change the default passwords to things, and those default passwords are remarkably insecure as it is, that’s a thing. Equally disturbing is that passwords like “Jesus” actually exist and don’t cause impressive amounts of damage to the folks what use them. My personal favourite on that list is “welcome”. Why? No, as in, why in the hell? As a password, even if it’s an absolutely brainless password, that doesn’t make sense. As in any. As in at all. As in please, just stop doing anything computer right now, and go back to pen and paper. Typewriter, even. It’s safer. Plus I won’t have to fix you later.

Related: If you use a thing I maintain and have a password remotely close to any of these, I’m probably gonna wanna have a conversation with you. Of course by the time I find this out you’ll probably be wanting to have a conversation with me about exactly how it is we’re gonna unbugger the crap somebody who got hold of your password buggered while you were too busy up in the weak sauce–which will make the conversation I want just that much easier to have. I like it when things work that way. Of course I like it even better when the passwords belonging to folks I fix don’t end up on one of these lists, but hey, you can’t have everything. Just remember to leave your user’s license with me when you’re done and we’ll all be fine. Or better yet, just change your bloody password.

2 comments

  1. Chris

    I’ve seen “Jesus” used as a password for a reasonably well-known (in the industry) adaptive tech software-as-a-service provider. This was used on their admin account, to protect access to their corporate intranet, through which billing and other information could be easily obtained. Further, the head of the Cripple Office for one of the universities I went to used “baseball”. With this password and access to the appropriate systems, you could get full access to everything this guy had visibility into. Also, ostensibly because he was blind, he had a rubber stamp for a signature. An unscrupulous ninja could very, very easily become him for a day. … I’m neither unscrupulous nor a ninja.

    • James

      I’m pretty sure a scrupulous non-ninja could become him for a day. Or maybe 6, if the university in question didn’t have some reasonable means of tracking access (*).

      Also: I’m suddenly a little bit offended, and maybe a touch disturbed. People actually pay dollars to guys like that? I want off.

      (*): You’ll note I don’t actually have a whole lot of faith in a system that actually *lets* someone use a password like “Jesus” when it comes to being able to track that user’s access. Or really, much of anything else of any real value.
