Picking the low hanging passwords by David Gilbertson


According to a not-at-all recent report by Keeper, there’s a 50/50 chance that any user account can be accessed with one of the 25 most common passwords. And there’s a 17% chance that the password is 123456. This strikes me as absolute rubbish, but it got me thinking, if I want to get unfettered access to some user accounts, and I don’t really care which accounts, rather than using ‘brute force’ by trying many passwords for one user account, it makes much more sense to flip that and try one password on many user accounts. If Keeper are right (and not misinterpreting the data which I’m totally not accusing them of doing), then I could try the password “123456” on a random selection of accounts and for 1 in 5 attempts I’d be in like Flynn. So I tried exactly this on Reddit, copy/pasting usernames into the sign in form,....
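Seen from the defending side, trying one password on many accounts leaves each account with a single failed login, so a per-account lockout counter never trips. The sketch below is an added example, not code from the article: it counts distinct usernames failed per source over a sliding window. The event tuple layout, the IP addresses, the usernames and both thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, outcome).
# 203.0.113.7 fails once against each of six accounts; 198.51.100.4 is one
# user mistyping their own password five times.
T0 = datetime(2019, 2, 11, 9, 0, 0)
EVENTS = (
    [(T0 + timedelta(seconds=20 * i), "203.0.113.7", f"user{i}", "fail") for i in range(6)]
    + [(T0 + timedelta(seconds=30 * i), "198.51.100.4", "alice", "fail") for i in range(5)]
    + [(T0 + timedelta(seconds=200), "203.0.113.7", "user6", "success")]
)

def per_account_lockouts(events, max_failures=5):
    """Classic control: flag accounts with too many failed logins."""
    counts = defaultdict(int)
    for _, _, user, outcome in events:
        if outcome == "fail":
            counts[user] += 1
    return {u for u, n in counts.items() if n >= max_failures}

def spray_sources(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources whose failures span many distinct accounts within a window."""
    recent = defaultdict(deque)  # source -> (timestamp, user) failures in window
    flagged = {}                 # source -> peak distinct-account count
    for ts, src, user, outcome in sorted(events):
        if outcome != "fail":
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        distinct = {u for _, u in q}
        if len(distinct) >= min_accounts:
            flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged

def successes_from_flagged(events, flagged):
    """Accounts a flagged source logged in to: candidates for a forced reset."""
    return sorted({u for _, s, u, o in events if o == "success" and s in flagged})

if __name__ == "__main__":
    flagged = spray_sources(EVENTS)
    print("locked accounts:", per_account_lockouts(EVENTS))
    print("spray sources:", flagged)
    print("logins to review:", successes_from_flagged(EVENTS, flagged))
```

On the sample data the lockout check only catches the user who mistyped their own password, while the per-source view flags the source that touched six accounts and surfaces the one login it succeeded on.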

February 11, 2019
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023