Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Can you name the most used passwords of all time? (sporcle.com)
1 point by edw519 on Aug 19, 2009 | hide | past | favorite | 8 comments


In other words: we're looking to update our top password lists that we use for site cracks &c., please give us your top passwords, check your own isn't there (go on what harm can it do) - we promise we'll tie those to your history profile via the referer information (and js history hacks!), then we'll run an automated attack against all the top social sites using your passwords you entered.

If we're really lucky we might be able to sniff a username cookie and badda-bing, we're in.

Have a nice day!


You're taking it a bit too seriously - this is a well known quiz site that features other popular quizzes such as "How many Simpsons characters can you name?"

Given that the answers (passwords) are things like "password", "qwerty" and "1234", I would hope that no HN member is currently using any of them.


Your bank is running a prize draw for loyal customers - Fill in your bank account number to see if you've already won a prize:

Please add your full name, phone number and main email address so that we can contact you about your winnings:


I could give you my bank account number, name, phone number and email address and it would make no difference. My bank uses none of these things to identify me.


Really? What do they use?

Do you think I could find when you're on holiday, then call the bank [apparently] from your phone number and with the account details and say "my brother has been killed interrupting a robbery, could you halt the account" ... would that make a difference?

I wonder if they'd need anything more than a [forged] death certificate to cash out the account?

You carry plenty of cash on holiday don't you, so that when your accounts stopped you can get home quickly?

a little info + social engineering >= lots of hassle


My bank use a unique 12 digit number and a PIN I've chosen (and THEN my full name, address, etc).

I don't have my account set up for telephone banking.

I don't go on holidays, except perhaps local expeditions. Easy peasy to get home.

Your forged death certificate wouldn't get you very much - I keep the majority of my money in other accounts.

Don't get me wrong, although I keep my money fairly secure I know what you're getting at. But, I think it's a big leap of faith to assume that someone who has a go at guessing known easy passwords is also going to fill in their bank account details too.


Hopefully pg stores the passwords in plaintext so he can set up a quiz like this for HN passwords just to be sure.


I got 4. (No, I'm not that kind of hacker.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: