Picking the low hanging passwords by David Gilbertson

Feb 11, 2019

According to a not-at-all recent report by Keeper, there’s a 50/50 chance that any user account can be accessed with one of the 25 most common passwords.

And there’s a 17% chance that the password is 123456.

This strikes me as absolute rubbish, but it got me thinking, if I want to get unfettered access to some user accounts, and I don’t really care which accounts, rather than using ‘brute force’ by trying many passwords for one user account, it makes much more sense to flip that and try one password on many user accounts.

If Keeper are right (and not misinterpreting the data which I’m totally not accusing them of doing), then I could try the password “123456” on a random selection of accounts and for 1 in 5 attempts I’d be in like Flynn.

So I tried exactly this on Reddit, copy/pasting usernames into the sign in form, leaving the password as 123456 and clicking login. Over and over again.

Of the 30 user names I tried, this password worked for 0 of them. A strike rate of roughly 0%.

....

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023