Strong Passwords


Strong passwords are your first step in securing your systems. If a password can be easily guessed or compromised using a simple dictionary attack, your systems will be vulnerable to hackers, worms, Trojans, and viruses.

Trojan, virus, and worm authors have had great success attacking systems with weak and/or default passwords. Take the IRC/Flood Trojan, for example. McAfee's virus profile states that IRC/Flood has over 120 variants and has infected over 60,000 machines in the last 30 days. IRC/Flood succeeds by checking for 22 different easy-to-guess admin passwords (variants vary). Unfortunately, there are a lot more where IRC/Flood came from: W32/Tzet.worm, W32/Random.worm, and W32.HLLW.Gaobot.gen are in the wild, just to name three.

Hackers also have no problem compromising systems with weak passwords. Programs like L0phtCrack, for example, make the process simple and efficient. Creating a password-cracking dictionary is not even a challenge. Type the words "Creating Password Cracking Dictionaries", without the quotes, into your favorite search engine. A comprehensive dictionary can be downloaded or created from scratch in short order.

Below is a list of commonly used weak passwords that should NEVER be used. If any of these passwords look hauntingly familiar and are being used, you need to change the password immediately.


  
 
Alpha Weak Passwords
A
  a, A.M.I, A52896nG93096a, aaa, aammii, abc, abcd, academia, academic, accept, access, ACCESS,
  account, accounting, action, adam, ADAMS, adfexc, adm, admin, ADMIN, Admin, admin2, administrator, Administrator, adminttd, ADMN,
  admn, adrian, adrianna, adtran, adult, Advance, ADVMAIL, aerobics, alfarome, ALFAROME, ALLIN1, ALLIN1MAIL, ALLINONE, aLLy, ALLy,
  alpha, AM, AMI, AMI!SW, AMI.KEY, AMI.KEZ, AMI?SW, AMI_SW, AMI~, AMIAMI, AMIDECOD, amipswd, AMIPSWD, AMISETUP, anicust, anon, anonymous, any@, ANYCOM, AP2SVP, aPAf, APL2PP, APPLSYS, APPS, AQDEMO, AQUSER, ARCHIVIST, Asante, ascend, Ascend, asdf, asdfgh, at4400, attack, AURORA$ORB$UNAUTHENTICATED, AURORA@ORB@UNAUTHENTICATED, autocad, AUTOLOG1, Award, award, AWARD?SW, AWARD_SW, awkward
  
B
  BACKUP, BATCH, BATCH1, BATCH2, bbs, bciim, bciimpw, bcms, bcmspw, bcnas, bcnaspw, bell9, BIGO, bin,
  bintec, BIOS, BIOSPASS, biosstar, biostar, Biostar, BIOSTAR, BLAKE, blue, bluepw, boss, BRIDGE, browse, browsepw
  
C
  c, cablecom, cable-docsis, CAROLIAN, cascade, CATALOG, cc, CCC, ccrusr, CDEMO82, CDEMOCOR, CDEMORID,
  CDEMOUCB, central, CHANGE_ON_INSTALL, changeme, checkfs, checkfsys, checksys, CHEY_ARCHSVR, circ, cisco, Cisco router, CLARK, client, CLOTH,
  cmaker, CMSBATCH, CMSUSER, CNAS, COGNOS, Col2ogro2, comcomcom, COMPANY, Compaq, Compleri, computer, CONCAT,
  condo, CONDO, Congress, CONV, CPNUC, CPRM, cr0wmt 911, craft, craftpw, Crystal, CSPUSER, CTX_123, CTXDEMO, CTXSYS, cust, custpw, CVIEW
  
D
  d.e.b.u.g, d8on, daemon, Daewuu, Database, databse, DATAMOVE, Daytec, DBSNMP,
  DCL, DDIC, death, debug, DECMAIL, DECNET, default, DEFAULT, Dell, DEMO, demo, DEMO1, DEMO8, DEMO8, demos, deskalt, deskman,
  desknorm, deskres, DESQUETOP, dhs3mt, dhs3pms, diag, diamond, DIGITAL, DISC, disttech, D-Link, dn_04rjc, dni, DS, DSA
  
E
  EARLYWATCH, echo, EMP, enable, eng, engineer, enquiry, enquirypw, enter, ESSEX, EVENT, Ezsetup

F
  fal, FAX, fax, FAXUSER, FAXWORKS, FIELD, field, FIELD.SUPPORT, FINANCE, FND, foobar, friend, ftp

G
  g6PJ, games, ganteng, GATEWAY, GEN1, gen1, GEN2, gen2, glftpd, gnumpf, god, godblessyou, gonzo, gopher, GPLD, gropher, guessme, guest, GUEST, Guest, guest1, GUESTGUE, guestgue, GUESTGUEST

H
  h6BB, hacker, halt, HARRIS, hax0r, HELGA-S, HELLO, hello, HELP, help, HELPDESK, HEWITT RAND, hewlpack, HLT, home, Home,
  HOST, HP, hp, HPDESK, HPLASER, HPOFFICE, HPOFFICE DATA, HPONLY, HPP187, HPP187 SYS, HPP189, HPP196, HPWORD PUB, hydrasna
  
I
  I5rDv2b2JjA8Mm, ibm, IBM, ibmcel, ihavenopass, ILMI, inads, indspw, INFO,
  informix, INGRES, init, initpw, install, Internet, IntraStack, IntraSwitch, INTX3, INVALID, IPC, IS_$hostname, ITF3000, iwill
  
J
  j09F, j256, j262, j322, j64, JDE, Jetform, JONES

K
  kermit, kiddie, komprie, ksdjfg934t

L
  l2, l3, laflaf, lantronix, LASER, LASERWRITER, last, lesarotl, letacla, letmein, LIBRARY, lineprin, LINK, lkw peter, lkwpeter, LKWPETER,
  Lkwpeter, llatsni, locate, locatepw, login, looker, LOTUS, love, lp, lpadm, lpadmin, lucenttech1, lucenttech2, lynx
  
M
  MAIL, mail, MAILER, maint, maintain, maintpw, man, manager, Manager, MANAGER, MANAGER.SYS, Master, MASTER, masterkey, MBIU0, MBMANAGER,
  MBWATCH, mcp, MDSYS, me, merlin, mfd, MFG, MGR, MGR.SYS, MICRO, MILLER, mirc, mlusr, mMmM,
  MMO2, MODTEST, monitor, MOREAU, mountfs, mountfsys, mountsys, MPE, mtch, mtcl, MTYSYS, my_DEMARC, mypass, mypc
  
N
  n/a, naadmin, NAMES, ncrm, NETBASE, NETCON, NETFRAME, NetICs, netlink, netman, NETMGR, NETNONPRIV, NETOP, netopia, NETPRIV,
  netrangr, netscreen, NETSERVER, NETWORK, NEWINGRES, NEWS, news, NeXT, NF, NFI, NICONEX, nms, nmspw, nobody, noway, NONPRIV, ntacdmax, nuucp
  
O
  OCITEST, oem_temp, op, OP.OPERATOR, operator, OPERATOR, OPERVAX, oracle, ORDPLUGINS, ORDSYS, OUTLN, OutOfBox, owner

P
  PAPER, pass, PASS, Pass, passwd, Passwd, PASSWORD, password, Password, pat, patrick, PBX, pc, PCUSER, PDP11, PDP8, PFCUser, PHANTOM, phoenix, piranha,
  pmd, PO, PO8, poll, Polrty, POST, Posterie, postmast, POSTMASTER, postmaster, POWERCARTUSER, powerdown, PRIMARY,
  prime, primenet, primeos, primos, primos_cs, PRINT, PRINTER, PRIV, private, prost, PSEAdmin, public, PUBSUB, pw, pwd, pwp
  
Q
  q, Q54arwms, QDI, qpgmr, qsecofr, qserv, qsrvbas, qsvr, qsysopr, quser, qwer

R
  raidzone, rcust, rcustpw, RE, read, readonly, readwrite, REGO, REMOTE, replicator, REPORT, RJE, rje, RM, RMAIL,
  rmnetlm, RMUser1, ro, ROBELLE, ROOT, root, Root, ROOT500, ROUTER, router, RSBCMON, RSX, rw, rwa, rwmaint
  
S
  sa, SABRE, SAMPLE, san fran 8, SAP*, satan, SCOTT, script, scriptkiddie, SECDEMO, secoff, secofr, secret, secure, security, SECURITY, SER, sertafu,
  server, service, SERVICE, servlet, SETUP, setup, sex, shutdown, signa, SKY_FOX, sldkj754, smile, snake, SnuFG5, software, sp99dd, Spacve, spcl, speedxess, SPOOLMAN, spooml,
  star, STEEL, STUDENT, su, Super, super, SUPERVISOR, support, SUPPORT, supportpw, switch, SWITCHES_SW, Sxyz, SY_MB, sybase, sync, synnet, SYS, sys,
  sysadm, SYSADM, sysadmin, sysbin, SYSDBA, SYSLIB, syslib, SYSMAINT, SYSMAN, Sysop, system, SYSTEM, system_admin, SYSTEST, SYSTEST_CLIG, syxz, SZYX
  
T
  t0ch20x, t0ch88, TCH, teacher, tech, technolgi, tele, TELEDEMO, TELESUP, temp, temp1, TEST, test, testing, teX1, tiara, TIGER, tini, Tiny, tlah,
  topicalt, topicnorm, topicres, Toshiba, toshy99, tour, TRACE, TRACESRV, trancell, trouble, TSDEV, TSEUG, TSUSER, TTPTHA, tutor, TzqF
  
U
  uClinux, UETP, umountfs, umountfsys, umountsys, unix, User, user, USER, USER_TEMPLATE,
  USER0, USER1, USER2, USER3, USER4, USER5, USER6, USER7, USER8, USER9, USERP, uucp, uucpadm, uwontguessme
 
V
  VAX, VESOFT, Vextrex, VMS, VNC, VRR1

W
  WANGTEK, web, WebAdmin, WebBoard, webdb, weblogic, webmaster, win, WINDOWS_PASSTHRU, WINSABRE, winterm, wodj, WOOD, WORD, WP, wradmin, write, www

X
  xljlbj, XLSERVER, xo11nE, xp, xxx, xxxx, xxxxx, xxxxxx, xxxxxxx, xxxxxxxx, xxxxxxxxx, xyzall

Y
  YES, youwontguessme, yxcv

Z
  zbaaaca, Zenith, zeosx, zxcv

Numeric
  0, 1, 1.1, 2, 5, 7, 12, 30, 110, 111, 123, 1111, 1234, 2002, 2003, 2222, 2600, 8429, 12345, 54321, 111111, 121212, 123123, 123456, 166816, 256256, 654321, 1234567, 1322222, 7061992, 11111111,
  12345678, 19920706, 22222222, 88888888, 123456789, 1. 1, 1234qwer, 123abc, 123asd, 123qwe, 1RRWTTOOI, 240653C9467E45, 24Banc81, 3098z, 3ep5w2u, 4Dgifts, 4getme2, 4tas, 57gbzb
  
Other
  !@#$, !@#$%, !@#$%^, !@#$%^&, !@#$%^&*, !root, $ALOC$, $secure$, $system, %username%12, %username%123, %username%1234, (none), ?award, }
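
One way to enforce the list above when a password is set or changed, as an added example that is not part of the original article: the candidate is compared case-insensitively (the list carries admin, ADMIN and Admin as separate entries) and the `%username%` entries are expanded with the account name. The function names are hypothetical, `WEAK_ENTRIES` is a small constructed sample of entries copied from the list, and treating the `(none)` entry as "no password set" is an assumption.

```python
# Added example: deny-list check run on a candidate password before it is
# hashed and stored. All names here are hypothetical.

# Constructed sample: a few entries copied from the list above. In practice,
# load the whole list from a file, one entry per line.
WEAK_ENTRIES = [
    "admin", "ADMIN", "Admin", "changeme", "CHANGE_ON_INSTALL", "letmein",
    "password", "qwer", "1234qwer", "!@#$%", "ihavenopass",
    "%username%12", "%username%123", "%username%1234",
]
PLACEHOLDER = "%username%"


def build_denylist(entries):
    """Split entries into case-folded fixed strings and username templates."""
    fixed, templates = set(), []
    for entry in entries:
        if PLACEHOLDER in entry:
            templates.append(entry.casefold())
        else:
            fixed.add(entry.casefold())
    return fixed, templates


def weak_reason(password, username, fixed, templates):
    """Return why the password is denied, or None if it passes this check."""
    pw, user = password.casefold(), username.casefold()
    if pw == "":
        return "empty password"  # assumption: the list's "(none)" entry
    if pw in fixed:
        return "matches deny list entry (case-insensitive)"
    for tpl in templates:
        if pw == tpl.replace(PLACEHOLDER, user):
            return "matches username template " + tpl
    return None


def audit(accounts, entries=WEAK_ENTRIES):
    """Return {username: reason} for each (username, password) pair denied."""
    fixed, templates = build_denylist(entries)
    findings = {}
    for username, password in accounts:
        reason = weak_reason(password, username, fixed, templates)
        if reason:
            findings[username] = reason
    return findings


if __name__ == "__main__":
    # Constructed candidates, as they would arrive at password-change time.
    sample = [("bob", "Bob123"), ("alice", "ChangeMe"),
              ("carol", "tram-quartz-Veldt-09")]
    for user, why in audit(sample).items():
        print(user, "->", why)
```

Passing this check only means the candidate is not on the list; length and complexity rules from a password policy still apply.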

Additional Information about Strong Passwords

The links below contain policies, guidelines, practices, and general protection information about weak and strong passwords.


Password Policy from SANS

Password Security from Red Hat

How to create stronger passwords from Microsoft

Protecting Yourself from Password File Attacks from CERT Coordination Center


Publication Date: Friday 30th April, 2004
Author: Lew Newlin
