Information Security News mailing list archives

Why 'ji32k7au4a83' Is a Remarkably Common Password


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 6 Mar 2019 07:17:52 +0000 (UTC)

https://gizmodo.com/why-ji32k7au4a83-is-a-remarkably-common-password-1833045282

By Rhett Jones
Gizmodo.com
March 5, 2019

For too many people, moving the digits around in some variation of Patriots69Lover is their idea of a strong password. So you might expect something complicated like "ji32k7au4a83" would be a great password. But according to the data breach repository Have I Been Pwned (HIBP), it shows up more often than one might expect.

This interesting bit of trivia comes from self-described hardware/software engineer Robert Ou, who recently asked his Twitter followers if they could explain why this seemingly random string of numbers has been seen by HIBP over a hundred times.

     Fun thing I learned today regarding secure passwords: the password
     "ji32k7au4a83" looks like it'd be decently secure, right? But if you
     check e.g. HIBP, it's been seen over a hundred times. Challenge: explain
     why and how this happened and how this password might be guessed

     — Robert Ou @ BSidesSF (@rqou_) March 1, 2019
     https://twitter.com/rqou_/status/1101331385632022528?ref_src=twsrc%5Etfw

Have I Been Pwned is an aggregator that was started by security expert Troy Hunt to help people find out if their email or personal data has shown up in any prominent data breaches. One service it offers is a password search that allows you to check if your password has shown up in any data breaches that are on the radar of the security community. In this case, "ji32k7au4a83" has been seen by HIBP in 141 breaches.

Several of Ou’s followers quickly figured out the solution to his riddle. The password is coming from the Zhuyin Fuhao system for transliterating Mandarin. The reason it’s showing up fairly often in a data breach repository is that "ji32k7au4a83" translates to English as "my password."

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
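
The keystroke mapping behind this password, as an added example that is not part of the original article: a password-screening check that decodes a string as keys typed on a Zhuyin keyboard. It assumes the standard (Dachen) Zhuyin key layout and validates syllable shape only; the function names and the one-entry phrase list are hypothetical, and first-tone syllables (typed with the space bar) are not handled.

```python
import re

# Assumed layout: standard (Dachen) Zhuyin keyboard, key -> Bopomofo symbol.
INITIALS = dict(zip("1qaz2wsxedcrfv5tgbyhn", "ㄅㄆㄇㄈㄉㄊㄋㄌㄍㄎㄏㄐㄑㄒㄓㄔㄕㄖㄗㄘㄙ"))
MEDIALS = dict(zip("ujm", "ㄧㄨㄩ"))
FINALS = dict(zip("8ik,9ol.0p;/-", "ㄚㄛㄜㄝㄞㄟㄠㄡㄢㄣㄤㄥㄦ"))
TONES = dict(zip("6347", "ˊˇˋ˙"))  # tones 2, 3, 4 and neutral

# One syllable as typed: optional initial, medial and final, then a tone key.
SYLLABLE = re.compile("([%s]?)([%s]?)([%s]?)([%s])" % tuple(
    re.escape("".join(keys)) for keys in (INITIALS, MEDIALS, FINALS, TONES)))

# Constructed deny-list entry: the phrase the article says the password spells.
KNOWN_PHRASES = {"ㄨㄛˇㄉㄜ˙ㄇㄧˋㄇㄚˇ": "my password"}


def decode_zhuyin_keys(password):
    """Return the Bopomofo syllables the keystrokes spell, or None."""
    syllables, pos = [], 0
    while pos < len(password):
        m = SYLLABLE.match(password, pos)
        # Reject non-Zhuyin keys and a tone key with no sound before it.
        if m is None or m.end() - pos < 2:
            return None
        ini, med, fin, tone = m.groups()
        syllables.append(INITIALS.get(ini, "") + MEDIALS.get(med, "")
                         + FINALS.get(fin, "") + TONES[tone])
        pos = m.end()
    return syllables or None


def screen_password(password, min_syllables=2):
    """Classify a candidate password for a strength checker."""
    syllables = decode_zhuyin_keys(password)
    if syllables is None or len(syllables) < min_syllables:
        return ("ok", None)
    phrase = "".join(syllables)
    if phrase in KNOWN_PHRASES:
        return ("known-phrase", KNOWN_PHRASES[phrase])
    # Decodes cleanly as typed Zhuyin: treat it as a phrase, not a random string.
    return ("zhuyin-keystrokes", phrase)


if __name__ == "__main__":
    for candidate in ("ji32k7au4a83", "Patriots69Lover", "au4a83"):
        print(candidate, decode_zhuyin_keys(candidate), screen_password(candidate))
```

A string that decodes this way should be scored as a short natural-language phrase rather than as 12 random characters.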
