Overclock.net › Forums › Industry News › Software News › [AndroidCentral] SplashData outs 2015’s Worst Passwords List
New Posts  All Forums:Forum Nav:

[AndroidCentral] SplashData outs 2015’s Worst Passwords List - Page 5

post #41 of 54
Quote:
Originally Posted by alphabet View Post

If your email password is secure you might escape from problems and if not they will simply log in your email and reset your "complex" bank password and empty out your account while you're sleeping.

This man gets it. I'd rather my bank account password be compromised than my email account password. Banks will pick up on suspicious behaviour, and you'll often get your money back as long as you didn't actually give out your password. With access to my email account the attacker can hijack everything else linked to it via password resets, and potentially impersonate me if they can extract enough information from my emails.
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E GTX 560 Ti 448 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E GTX 560 Ti 448 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
post #42 of 54
Thread Starter 
Quote:
Originally Posted by alphabet View Post

Here is a quick example for you.

You have your bank and forum both registered to the same email. Bank is complex password with no 2FA and forum password is insecure.

The websites database becomes leaked and someone cracks your hashed+salted passwords.

A random stranger on the website now access your forum account to obtain your email address, the first thing they do is try to login to your email with the forum password. If your email password is secure you might escape from problems and if not they will simply log in your email and reset your "complex" bank password and empty out your account while you're sleeping.

The point is expecting common sense out of people is the same as expecting fairness in the world or world peace.


Spot on

Once you have an email address and some basic info + their weak password.

Using a few tools to find everything that email is linked too then you've got a good chance for a break in.
Shadownet
(12 items)
 
 
CPUMotherboardGraphicsRAM
5930k Asus rampage V Extreme  Inno3D GTX 970 Hercluez x4 airboss ultra  Gskill ripjaws DDR4 3200mhz 
Hard DriveHard DriveHard DriveCooling
WD black  WD Black  Seagate ES  Custom loop  
OSKeyboardPowerCase
Windows 10  Corsair k70  Super flower 1000 W plat  Corsair 900D 
  hide details  
Reply
Shadownet
(12 items)
 
 
CPUMotherboardGraphicsRAM
5930k Asus rampage V Extreme  Inno3D GTX 970 Hercluez x4 airboss ultra  Gskill ripjaws DDR4 3200mhz 
Hard DriveHard DriveHard DriveCooling
WD black  WD Black  Seagate ES  Custom loop  
OSKeyboardPowerCase
Windows 10  Corsair k70  Super flower 1000 W plat  Corsair 900D 
  hide details  
Reply
post #43 of 54
Quote:
Originally Posted by alphabet View Post

Here is a quick example for you.

You have your bank and forum both registered to the same email. Bank is complex password with no 2FA and forum password is insecure.

The websites database becomes leaked and someone cracks your hashed+salted passwords.

A random stranger on the website now access your forum account to obtain your email address, the first thing they do is try to login to your email with the forum password. If your email password is secure you might escape from problems and if not they will simply log in your email and reset your "complex" bank password and empty out your account while you're sleeping.

The point is expecting common sense out of people is the same as expecting fairness in the world or world peace.

In what world is this even possible? If your bank uses just your email and a password to login, change your bank?

None of the banks I've dealt with never use my email as a login and there's either an separate code card that has 64 codes that you need to enter after your password (it picks 1 randomly each time) or you use an ID card to login which you still need to have physically + 2 password.

Using email+password, that's not a bank. That's some random dude holding onto your money.
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
post #44 of 54
Quote:
Originally Posted by MadRabbit View Post

In what world is this even possible? If your bank uses just your email and a password to login, change your bank?

None of the banks I've dealt with never use my email as a login and there's either an separate code card that has 64 codes that you need to enter after your password (it picks 1 randomly each time) or you use an ID card to login which you still need to have physically + 2 password.

Using email+password, that's not a bank. That's some random dude holding onto your money.

I've seen credit unions with 10 character numeric passwords protecting the account. Not a bank, sure, but still holding money.
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E GTX 560 Ti 448 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E GTX 560 Ti 448 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
post #45 of 54
Quote:
Originally Posted by randomizer View Post

I've seen credit unions with 10 character numeric passwords protecting the account. Not a bank, sure, but still holding money.

So basically as bad as the banks he was talking about.

I mean, imho you can't always push the blame to some company out there. Sometimes people need to blame themselves as well for not doing any research or thinking "Oh this password/email combo is safe enough for my bank account" if their security is subpar and people just ditched them they would either make it more secure or go out of the business which wouldn't be that bad? - But that's just me.
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
AMD
(13 items)
 
Intel
(7 items)
 
Home Server
(11 items)
 
CPUMotherboardGraphicsGraphics
AMD FX-8350 Asus M5A99FX Pro MSI Radeon R9-280x MSI Radeon R9-280x 
RAMHard DriveOptical DriveCooling
Crucial Ballistics 8GB DDR3 Cruical MX100 128GB SSD Samsung DVD-RW Cooler Master Hyper Evo 212 
OSMonitorKeyboardPower
Windows 10 Technical Preview Philips 55PFS6909/12 Logitech MX3200 Chieftec 750W 
Mouse
Khaos Limited Edition 
CPUMotherboardGraphicsRAM
Intel Core i5-4200U ACER BA50 AMD HD8750M 4GB DDR3 
Hard DriveOSMonitor
750GB HDD Windows 10 TP 15,6" 
CPUCPUMotherboardGraphics
AMD Opteron 2373EE AMD Opteron 2373EE Dell Socket Fr5 XGI® Z9s with 32MB DDRII VRAM 
RAMHard DriveOptical DriveCooling
32GB DDRII ECC 1TB HDD 7200rpm N/A Passive 
OSPowerCase
Ubuntu Server 600W Dell PowerEdge CS24-NV7 
  hide details  
Reply
post #46 of 54
Thread Starter 
Lol what I always love is when they email you your password in plain text after signing up for something
Shadownet
(12 items)
 
 
CPUMotherboardGraphicsRAM
5930k Asus rampage V Extreme  Inno3D GTX 970 Hercluez x4 airboss ultra  Gskill ripjaws DDR4 3200mhz 
Hard DriveHard DriveHard DriveCooling
WD black  WD Black  Seagate ES  Custom loop  
OSKeyboardPowerCase
Windows 10  Corsair k70  Super flower 1000 W plat  Corsair 900D 
  hide details  
Reply
Shadownet
(12 items)
 
 
CPUMotherboardGraphicsRAM
5930k Asus rampage V Extreme  Inno3D GTX 970 Hercluez x4 airboss ultra  Gskill ripjaws DDR4 3200mhz 
Hard DriveHard DriveHard DriveCooling
WD black  WD Black  Seagate ES  Custom loop  
OSKeyboardPowerCase
Windows 10  Corsair k70  Super flower 1000 W plat  Corsair 900D 
  hide details  
Reply
post #47 of 54
Quote:
Originally Posted by kaistledine View Post

Lol what I always love is when they email you your password in plain text after signing up for something

I actually recently stumbled upon one of these sites. doh.gif
MEGATRON
(24 items)
 
GIGATRON
(10 items)
 
 
CPUMotherboardGraphicsGraphics
Intel Core i5-3570K @ 4.8/1.32V | Hammer&Vice'd ASUS Sabertooth Z77 PowerColor R9 290 PowerColor R9 290 
RAMHard DriveHard DriveCooling
Samsung MV-3V4G3D/US 4x4GB kit @ 2200MHz 9-10-1... 2x Western Digital Caviar Black 1TB RAID 0 Samsung 840 Evo 250GB 2xAquacomputer Kryographics Hawaii Nickel/Acrylic 
CoolingCoolingCoolingCooling
XSPC Rasa Swiftech MCP-655 Vario Aquacomputer Aqualis 450mm w/ nano & Pump top 2x XSPC RX360; 1x XSPC RS360; 1x Alphacool ST 1... 
CoolingOSMonitorMonitor
EK-Vardar F4-120 8.1 x64; Ubuntu 14.10 Dell U2412M Dell U2412M 
MonitorMonitorKeyboardPower
Dell U2312H BenQ XL2411Z KBC Poker II MX Clears SeaSonic SS-850AM 
CaseMouseMouse PadAudio
Thermaltake Core X9 Mionix AVIOR 7000 Razer Goliathus Aune T1 -> Yamaha A-720 -> Sennheiser HD650 | S... 
CPUCPUMotherboardGraphics
Intel Xeon E5-2650 v4 @ 2.00GHz Intel Xeon E5-2650 v4 @ 2.00GHz SuperMicro X10DAL-i nay 
RAMHard DriveCoolingOS
2x8GB (for now) Kingston DDR4 @ 2133MHz/C16 Samsung 840 120GB EK-Vardar F4 on an Arctic Freezer i11 Ubuntu Server 16.04 
PowerCase
SeaSonic SS850-AM overrated 
  hide details  
Reply
MEGATRON
(24 items)
 
GIGATRON
(10 items)
 
 
CPUMotherboardGraphicsGraphics
Intel Core i5-3570K @ 4.8/1.32V | Hammer&Vice'd ASUS Sabertooth Z77 PowerColor R9 290 PowerColor R9 290 
RAMHard DriveHard DriveCooling
Samsung MV-3V4G3D/US 4x4GB kit @ 2200MHz 9-10-1... 2x Western Digital Caviar Black 1TB RAID 0 Samsung 840 Evo 250GB 2xAquacomputer Kryographics Hawaii Nickel/Acrylic 
CoolingCoolingCoolingCooling
XSPC Rasa Swiftech MCP-655 Vario Aquacomputer Aqualis 450mm w/ nano & Pump top 2x XSPC RX360; 1x XSPC RS360; 1x Alphacool ST 1... 
CoolingOSMonitorMonitor
EK-Vardar F4-120 8.1 x64; Ubuntu 14.10 Dell U2412M Dell U2412M 
MonitorMonitorKeyboardPower
Dell U2312H BenQ XL2411Z KBC Poker II MX Clears SeaSonic SS-850AM 
CaseMouseMouse PadAudio
Thermaltake Core X9 Mionix AVIOR 7000 Razer Goliathus Aune T1 -> Yamaha A-720 -> Sennheiser HD650 | S... 
CPUCPUMotherboardGraphics
Intel Xeon E5-2650 v4 @ 2.00GHz Intel Xeon E5-2650 v4 @ 2.00GHz SuperMicro X10DAL-i nay 
RAMHard DriveCoolingOS
2x8GB (for now) Kingston DDR4 @ 2133MHz/C16 Samsung 840 120GB EK-Vardar F4 on an Arctic Freezer i11 Ubuntu Server 16.04 
PowerCase
SeaSonic SS850-AM overrated 
  hide details  
Reply
post #48 of 54
Quote:
Originally Posted by MadRabbit View Post

In what world is this even possible? If your bank uses just your email and a password to login, change your bank?

None of the banks I've dealt with never use my email as a login and there's either an separate code card that has 64 codes that you need to enter after your password (it picks 1 randomly each time) or you use an ID card to login which you still need to have physically + 2 password.

Using email+password, that's not a bank. That's some random dude holding onto your money.
It doesn't have to be your email address specifically to log on, someone has access into your email which leads on to much more information then you want them to have. "Forgot my username/password" can be brutal on some of these crappy systems.
Edited by alphabet - 2/4/16 at 2:48am
post #49 of 54
Thread Starter 
Quote:
Originally Posted by fragamemnon View Post

I actually recently stumbled upon one of these sites. doh.gif

Loads of sites use it ... Its madness
Shadownet
(12 items)
 
 
CPUMotherboardGraphicsRAM
5930k Asus rampage V Extreme  Inno3D GTX 970 Hercluez x4 airboss ultra  Gskill ripjaws DDR4 3200mhz 
Hard DriveHard DriveHard DriveCooling
WD black  WD Black  Seagate ES  Custom loop  
OSKeyboardPowerCase
Windows 10  Corsair k70  Super flower 1000 W plat  Corsair 900D 
  hide details  
Reply
Shadownet
(12 items)
 
 
CPUMotherboardGraphicsRAM
5930k Asus rampage V Extreme  Inno3D GTX 970 Hercluez x4 airboss ultra  Gskill ripjaws DDR4 3200mhz 
Hard DriveHard DriveHard DriveCooling
WD black  WD Black  Seagate ES  Custom loop  
OSKeyboardPowerCase
Windows 10  Corsair k70  Super flower 1000 W plat  Corsair 900D 
  hide details  
Reply
post #50 of 54
Quote:
Originally Posted by kaistledine View Post

Loads of sites use it ... Its madness
Security at it's finest biggrin.gif
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [AndroidCentral] SplashData outs 2015’s Worst Passwords List