The “Worst Passwords Chart” of 2015

Here are the worst passwords of 2015, with the positions as in a real music chart. Looks like I’m a DJ… 🙂

1. 123456 (Unchanged)
2. password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 1)
5. 12345 (Down 2)
6. 123456789 (Unchanged)
7. football (Up 3)
8. 1234 (Down 1)
9. 1234567 (Up 2)
10. baseball (Down 2)
11. welcome (New)
12. 1234567890 (New)
13. abc123 (Up 1)
14. 111111 (Up 1)
15. 1qaz2wsx (New)
16. dragon (Down 7)
17. master (Up 2)
18. monkey (Down 6)
19. letmein (Down 6)
20. login (New)
21. princess (New)
22. qwertyuiop (New)
23. solo (New)
24. passw0rd (New)
25. starwars (New)

Please note the introduction of starwars. Seems that the movie did its job 🙂

If you’re a sysadmin and sick of being a potential target due to your users, please consider my free project login.farm or the commercial project SecurePass.

Extended attributes best practices

After the release of the NSS plugin for SecurePass and my article on Alessio Treglia’s blog, I received a lot of queries about which attributes are considered “reserved”.

Well, there are no reserved attributes set in stone in SecurePass Beta, but the following attribute names have been used in the NSS plugin:

  • posixuid → UID of the user
  • posixgid → GID of the user
  • posixhomedir → Home directory
  • posixshell → Desired shell
  • posixgecos → Gecos (defaults to username)

Also, the keywords below have been used by some customers:

  • sshkey → SSH public key
  • bitcoin → Bitcoin address

The current development release of the SecurePass tools contains a script to extract a user’s SSH key and inject it automatically into ~/.ssh/authorized_keys.
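
One way a host-side script could consume these attributes, as an added example (not the SecurePass tools' or the NSS plugin's own code): it builds a passwd(5) line from the posix* attributes and validates the sshkey value before appending it to authorized_keys. The attribute dictionary, the function names and the all-zero sample key are constructed for illustration, and fetching the attributes from SecurePass is assumed to have happened already.

```python
import base64
import os

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

# Constructed, unusable ed25519 key (32 zero bytes) in SSH wire format.
_BLOB = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(32)
# Constructed attribute set using the names listed above (values are made up).
SAMPLE_ATTRS = {"posixuid": "1001", "posixgid": "1001", "posixhomedir": "/home/alice",
                "posixshell": "/bin/bash",
                "sshkey": "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " alice@example"}

def passwd_entry(username, attrs):
    """Build a passwd(5) line; posixgecos defaults to the username."""
    uid, gid = attrs["posixuid"], attrs["posixgid"]
    if not (uid.isdigit() and gid.isdigit()):
        raise ValueError("posixuid/posixgid must be numeric")
    fields = [username, "x", uid, gid, attrs.get("posixgecos", username),
              attrs["posixhomedir"], attrs["posixshell"]]
    if any(":" in f or "\n" in f for f in fields):
        raise ValueError("':' or newline inside an attribute would corrupt the entry")
    return ":".join(fields)

def validate_sshkey(value):
    """Accept only one line of 'type base64 [comment]'; anything else is refused."""
    parts = value.split(None, 2)
    if "\n" in value or "\r" in value or len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("expected a single 'type base64 [comment]' line")
    blob = base64.b64decode(parts[1], validate=True)  # ValueError on bad base64
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != parts[0].encode():
        raise ValueError("key blob does not match the declared type")
    return " ".join(parts)

def install_key(home, value):
    """Append the validated key to <home>/.ssh/authorized_keys once; True if added."""
    key = validate_sshkey(value)
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    fd = os.open(os.path.join(ssh_dir, "authorized_keys"),
                 os.O_RDWR | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a+") as fh:
        fh.seek(0)
        data = fh.read()
        if key in data.splitlines():
            return False
        fh.write(("\n" if data and not data.endswith("\n") else "") + key + "\n")
        return True
```

Because the sshkey value is whatever was stored in the directory, the type and blob check keeps a value carrying authorized_keys options or extra lines from being written verbatim into a user's login configuration.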

Join SecurePass Beta: https://beta.secure-pass.net/enroll/