Mimsy Were the Borogoves


The most popular passwords at school

Jerry Stratton, October 15, 2011

So, two months later we’re still lying to our community about the security of their passwords. We tell them that up to 30 characters are fine, and we tell them that we are checking the security of their password. But we’re not: we check the security of the password they chose, then we truncate it to eight characters.

This ends up meaning that the most popular password among our users is “password”. It’s so bad that hackers wouldn’t even need to automate getting into our system.

We have people using all of the common really bad passwords, every one of which would have been rejected had the system truncated first and checked afterward:

  • 12345678
  • password
  • iloveyou
  • princess
  • abcdefgh
  • abcd1234

Every one of these passwords would have been rejected if entered like that. The people who have them entered longer passwords; the longer passwords were verified as relatively secure, and then each was silently truncated to eight characters, without telling the account owner.

The top ten, as actually stored after truncation, are:

  1. password
  2. baseball
  3. football
  4. princess
  5. sunshine
  6. californ
  7. softball
  8. basketba
  9. lacrosse
  10. tie: superman, volleyba, universi, and chocolat

I’m a little disappointed that chocolate scores so low.

Out of 26,609 accounts, a total of 948 accounts fell to a simple dictionary search[1]; of those, 58 were “password” and eight were the account’s username. And the users aren’t to blame: they think they have a longer, more secure password, and we’ve gone out of our way to let them believe it.
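The check-then-truncate flow described above, and the dictionary search that exposed it, as an added example. This is not the school’s code and the post does not identify the system involved; the ten-character complexity policy, the salted SHA-256 store that truncates to eight characters, the word list, and the four accounts are all constructed stand-ins. It shows why the order of the two steps matters, what the honest fix looks like (judge the password that will actually be stored), and why an audit of a truncating store has to truncate its dictionary words too, so that “california” finds accounts stored as “californ”.

```python
import hashlib
import os

# Assumed limit, matching the eight-character truncation the post describes.
TRUNCATE_AT = 8

# Constructed stand-in for the system dictionary the post's search used.
WORDLIST = [
    "password", "baseball", "football", "princess", "sunshine", "california",
    "softball", "basketball", "lacrosse", "superman", "volleyball", "university",
    "chocolate", "iloveyou", "abcdefgh", "12345678",
]


def policy_ok(pw: str) -> bool:
    """Assumed front-end policy: at least ten characters, a letter and a digit,
    and not a dictionary word. It judges what the user typed."""
    has_alpha = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    return len(pw) >= 10 and has_alpha and has_digit and pw.lower() not in WORDLIST


def legacy_hash(pw: str, salt: bytes) -> str:
    """Simulated legacy store: keeps only the first TRUNCATE_AT characters, then
    salts and hashes them. The silent pw[:TRUNCATE_AT] is the flaw."""
    return hashlib.sha256(salt + pw[:TRUNCATE_AT].encode()).hexdigest()


def set_password_broken(pw: str, salt: bytes) -> str:
    """Check, then truncate: the order the post describes. 'password123!' passes
    the policy and is stored as 'password'."""
    if not policy_ok(pw):
        raise ValueError("rejected by policy")
    return legacy_hash(pw, salt)


def set_password_fixed(pw: str, salt: bytes) -> str:
    """Judge the password that will actually be stored. The length floor is the
    storage limit itself, and the dictionary check runs on the truncated form."""
    effective = pw[:TRUNCATE_AT]
    if len(effective) < TRUNCATE_AT:
        raise ValueError("too short")
    if not any(c.isdigit() for c in effective) or not any(c.isalpha() for c in effective):
        raise ValueError("needs a letter and a digit within the first %d characters" % TRUNCATE_AT)
    if effective.lower() in WORDLIST:
        raise ValueError("the stored form %r is a dictionary word" % effective)
    return legacy_hash(effective, salt)


def audit(store: dict) -> dict:
    """Reproduce the post's dictionary search over stored hashes. Each word goes
    through the same truncating routine, so 'california' matches an account
    stored as 'californ'; the username is tried as a candidate as well."""
    cracked = {}
    for user, (salt, digest) in store.items():
        for candidate in WORDLIST + [user]:
            if legacy_hash(candidate, salt) == digest:
                cracked[user] = candidate[:TRUNCATE_AT]
                break
    return cracked


def build_sample_store() -> dict:
    """Constructed accounts: every typed password passes the policy, but three
    of them collapse to guessable eight-character prefixes."""
    typed = {
        "alice": "password123!",      # stored as 'password'
        "bob": "california2011",      # stored as 'californ'
        "jsmith99": "jsmith99abc1",   # stored as the username
        "carol": "Tr0ub4dor&3",       # stored as 'Tr0ub4do', survives the search
    }
    store = {}
    for user, pw in typed.items():
        salt = os.urandom(16)
        store[user] = (salt, set_password_broken(pw, salt))
    return store


if __name__ == "__main__":
    found = audit(build_sample_store())
    print(f"{len(found)} of 4 accounts fell to the dictionary search: {found}")
    for pw in ("password123!", "Tr0ub4dor&3"):
        try:
            set_password_fixed(pw, b"demo-salt")
            print(f"{pw!r}: accepted")
        except ValueError as e:
            print(f"{pw!r}: {e}")
```

The real fix is to stop truncating at all, but until the backend changes, set_password_fixed is the only honest policy: it tells the user that “password123!” will be stored as “password” instead of letting the front end vouch for characters the store never sees.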

In response to Embarrassing password tricks: Never trust anyone over 30 characters.

  [1] I don’t want to call it a dictionary attack: there was no work involved whatsoever. It’s just the dictionary that happens to come with Mac OS X.
