Forgot your password?
typodupeerror
Security The Internet

Yep, People Are Still Using '123456' and 'Password' As Passwords In 2014 276

Posted by Soulskill
from the get-a-password-manager-for-pete's-sake dept.
Nerval's Lobster writes "Earlier this week, SplashData released its annual list of the 25 most common passwords used on the Internet — and no surprise, most are so blindingly obvious it's a shock that people still rely on them to protect their data: '12345,' 'password,' 'qwerty' '11111,' and worse. There were some interesting quirks in the dataset, however. Following a massive security breach in late 2013, a large amount of Adobe users' passwords leaked onto the broader Web; many of those users based their password on either 'Adobe' or 'Photoshop,' which are terms (along with the ever-popular 'password') easily discoverable using today's hacker tools. 'Seeing passwords like "adobe123" and "photoshop" on this list offers a good reminder not to base your password on the name of the website or application you are accessing,' Morgan Slain, CEO of SplashData, wrote in a statement. Slashdotters have known for years that while it's always tempting to create a password that's easy to remember — especially if you maintain profiles on multiple online services — the consequences of an attacker breaking into your accounts are potentially devastating."
This discussion has been archived. No new comments can be posted.

Yep, People Are Still Using '123456' and 'Password' As Passwords In 2014

Comments Filter:
  • On the contrary: (Score:5, Insightful)

    by iroll (717924) on Wednesday January 22, 2014 @05:32PM (#46040361) Homepage

    If your password for Adobe is Adobe123, and Adobe leaks your password (AGAIN), nobody is going to be getting into your email, or your facebook account, or your bank account, etc., etc.

    • by Anonymous Coward on Wednesday January 22, 2014 @05:38PM (#46040445)

      Except now they know your email address and the fact you use the name of the company in your password...

      • by Algae_94 (2017070)
        They actually only know your email and that your Adobe password was 'Adobe123'. That might indicate that you reuse that password pattern, but you might not.
        • They actually only know your email and that your Adobe password was 'Adobe123'. That might indicate that you reuse that password pattern, but you might not.

          Trust me, the NSA uses statistics and not fuzzy logic. Trust me, in the general case, it's an entropy leak. As someone with apg-generated unique passwords for every place I visit (as short as 10 characters if I really don't give a shit) I might have one such password in my portfolio, but it would be a joke, a highly self-conscious joke. It's still an

        • by xenobyte (446878) on Thursday January 23, 2014 @02:55AM (#46043803)

          Actually I treat 'forced' accounts on places like Adobe very differently than other places where I use passwords - basically I don't trust a company like that to be secure so I use a different password system there than elsewhere. My password were in the Adobe list, as were my business email, but I don't work for that company anymore so the email is obsolete, and the password... Well it won't be used elsewhere.

      • Oh no, they'll go read all the junk emails I'm probably getting at Junk123@google.com! And then they'll know every free software website that has username:Junk123 password:Websight123 Then they'll be able to download all the free trial software they want without having to make a new account! The horror!

    • by Anonymous Coward on Wednesday January 22, 2014 @05:39PM (#46040477)

      Unless I, as the criminal mastermind that I am, decide to try 'Facebook123', 'Chase123', etc, etc.

      • by Anonymous Coward on Wednesday January 22, 2014 @06:09PM (#46040919)

        Won't work. People would use a blank password if the websites which require registration to download something free or access a support forum allowed it. So what do you start with? Name of the company. Nope, has to have letters AND numbers. So adobe123. That's a password which says "I don't give a fuck. I'm not even going to use this account again. Just let me download this file." It does not mean that people use the same scheme for passwords to sites where a hacked account could actually do them some harm. Anyway, remember how we know what passwords people use: The companies which demand ever more complex passwords don't properly secure them and lose them, in cleartext form! How can you expect users to care when not even the companies whose business depends on customers' trust care?

    • by Desler (1608317) on Wednesday January 22, 2014 @05:42PM (#46040533)

      And strong passwords are meaningless if the company is storing them in a really stupid way such that they can be recovered in plain text by an attacker. At that point, adobe123 is no less secure than a 64-character randomly-generated password.

      • by Bill, Shooter of Bul (629286) on Wednesday January 22, 2014 @07:46PM (#46041755) Journal

        If they had hashed them without a salt, then you'd be better off with a random password.
        If they had hashed them with the same salt, then you'd be better off with a random password
        If they had them plain text, and you reused the same weak password on multiple sites, then you'd be better off with a random password.

        In general there are so many benifits to using a strong random password on each site, that its really stupid not to.

    • by ackthpt (218170) on Wednesday January 22, 2014 @05:57PM (#46040749) Homepage Journal

      If your password for Adobe is Adobe123, and Adobe leaks your password (AGAIN), nobody is going to be getting into your email, or your facebook account, or your bank account, etc., etc.

      Even if the user is stupid, it's not like the site author couldn't dedicate a few minutes to to code evaluation of the password and tell the user 'Not good enough, not even secure in the least, do you want to see a picture of people who think that password is secure?' and display some of those Faces of Meth people.

      even this lolcat is smarter than you

      • Re: (Score:3, Informative)

        by Desler (1608317)

        And yet when an attacker can recover their plaintext password is doesn't really matter how "secure" the password was. I could have the strongest, most random password possible but if an attacker can steal it from you in plaintext, so what?

        • by ackthpt (218170)

          And yet when an attacker can recover their plaintext password is doesn't really matter how "secure" the password was. I could have the strongest, most random password possible but if an attacker can steal it from you in plaintext, so what?

          Indeed. I keep waiting for retina scan or DNA analysis, but it hasn't happened, yet.

          and when it does the NSA will store all of that, too

      • by brunes69 (86786) <slashdot@@@keirstead...org> on Wednesday January 22, 2014 @06:40PM (#46041245) Homepage

        You are missing the point. Adobe.com should not be telling me my password is insecure. Adobe.com should not be asking me for passwords in the first place, because the idea that I should need a seperate password for Adobe.com is stupid. Implement OpenID properly and allow people to log in with an already existing identity. The biggest problem with passwords on the internet is every single mom and pop website thinks they need to have their own login and authentication mechanism when in reality all they need is a way to confirm an identity. My nirvana is every single website in existance allows me to log in with my OpenID account, which is nice and secure and has two factor authentication. Then I only have ONE password to remember.

        There is absolutely no reason the internet could not work this way if site admins would get their heads out of their asses and stop rolling their own authentication schemes, because between Google, Yahoo, Twitter, Facebook, and other 3rd parties, every web user already HAS an OpenID capable login..

    • by mrmeval (662166)

      If you do that with every website then gmail123, amazon123 etc is your password.

      This

      dd if=/dev/random bs=10 count=1 | hexdump

      and a good encrypted wallet are your bestest friends.

      My bank sucks since it will not allow all of that output, just 8 characters.

  • by timeOday (582209) on Wednesday January 22, 2014 @05:33PM (#46040395)
    Many of the accounts you are forced to create nowadays are for the benefit of whoever wants to track you, not for your own benefit. When I was forced to sign up for an Apple Developer or iTunes Store account to get software updates for my MacBook I hoped there would be a pool of shared profiles people had set up for anybody to re-use, but not finding them I assume Apple detects and de-activates them.
    • by khasim (1285) <brandioch.conner@gmail.com> on Wednesday January 22, 2014 @05:39PM (#46040475)

      My simple process for this is that if the site does not have my credit card info or even my name then I don't care what the password is.

      And I don't care if your site is cracked any my 12345 password is revealed. All they're going to get is the cat's name and a birthdate of 1900-01-01.

      • by dejanc (1528235)
        Ditto.

        So many sites nowadays require you to register so I use throwaway emails in combination with throwaway passwords. E.g. if I want to try out Trove (that was mentioned in a previous article), I really don't want to put in more than a few seconds thought into it, so my email will be trove@domain-which-i-use-to-collect-spam.com and password probably something along the lines of asdf1234. If I find the service useful, Firefox will remember my email and password for login and/or I'll be able to recover th
        • If I find the service useful, Firefox will remember my email and password for login and/or I'll be able to recover the password using their system.

          If you are going to let Firefox remember the password for it anyway -- then why not come up with some random gibberish for your password in the first place?

          For example: Extended Password Generator [sourceforge.net]. Or putting the following shell script in your ~/.bashrc file:

          passgen ()
          {
          tr -dc [:alnum:] < /dev/urandom | head -c${1:-20};
          echo
          }
      • by zlives (2009072)

        hey!! we share a birthdate

      • by slapout (93640)

        Dear Mr. Tinkles,
        We at the AARP would like to congratulate you on your recent birthday. We notice that you're not yet a member and would like to tell you about the benefits...

  • qwerty? (Score:5, Funny)

    by slapout (93640) on Wednesday January 22, 2014 @05:34PM (#46040401)

    I knew it was a good idea to change my password to 'dvorak'.

  • "it's a shock" (Score:5, Insightful)

    by neminem (561346) <neminem AT gmail DOT com> on Wednesday January 22, 2014 @05:35PM (#46040415) Homepage

    Quoth, "It's a shock that people still rely on them to protect their data".

    Important fact that many of these studies miss: not everybody cares about their data, and not all data is the same. Anyone using a password like this to protect their bank account, or their email address (that they use to send forgotten password requests from their bank account) deserves to have their money stolen.

    On the other hand, anyone who uses a password like this to protect the fact that they once logged into some random crappy site that they joined to post one comment, and which they have subsequently never used again and have forgotten about, deserves... absolutely nothing bad to happen to them as a result. Who cares if someone gets their password to some random crappy site? I certainly don't. It would be a much worse idea to use a more secure password to those throwaway sites, because then you'd be tempted to use the same password you used on more secure sites you actually cared about.

    There are probably a lot of passwords to throwaway sites like that in any database of stolen passwords, specifically because people are more likely to use better passwords on the sorts of sites that are also (I certainly hope!) less likely to get all their passwords leaked.

    • Re:"it's a shock" (Score:5, Insightful)

      by lgw (121541) on Wednesday January 22, 2014 @05:59PM (#46040783) Journal

      Anyone using a password like this to protect their bank account, or their email address (that they use to send forgotten password requests from their bank account) deserves to have their money stolen.

      No one deserves to have their money stolen. The concept you're looking for is "responsibility". Anyone using an easy password for a bank account is irresponsible, but if they get their money stolen what they deserve is our compassion.

      Currently banks seem to be proud of the level of fraud protection they offer customers, perhaps even competing on that basis. That's a good thing. Not everyone is capable of remembering a complex password, after all.

    • by grnbrg (140964)

      This.

      I've probably contributed a "Mr. Test Testuser, 123 Main St, Somewhere, CA, 90210" password 1234 once or twice a year for the last decade....

      • by neminem (561346)

        Heh. I tend to use my real name everywhere that asks for my name, regardless of temporary-ness, because who cares if they have my name, and it's jarring seeing someone else's name (plus, maybe you do want to be able to prove that you're yourself for something later. It's difficult to prove you're yourself if you claim to be Mr ASDF ASDF in account creation.)

        I do enjoy giving fake addresses, though. I generally claim to live on 666 Hell St. (Every once in a blue moon a site will inform me that there isn't ac

        • by femtobyte (710429)

          plus, maybe you do want to be able to prove that you're yourself for something later. It's difficult to prove you're yourself if you claim to be Mr ASDF ASDF in account creation.

          For that, use an MD5 hash of (or the first several characters therefrom); that makes it easy to later prove it's you, if you want.
          --fe0f91b18675bf2c7e813852aebf5072

  • by thevirtualcat (1071504) on Wednesday January 22, 2014 @05:36PM (#46040423)

    Create a password: password

    Everyone is using "password." We need to stop that.

    Create a password containing both letters and numbers: password1

    Everyone is using "password1." We need to stop that.

    Create a password containing numbers and both capital and lowercase letters: Password1

    Everyone is using "Password1." We need to stop that.

    Create a password containing numbers, both capital and lowercase letters and a special symbol: Password1!

    And so it goes.

    • by Mashiki (184564)

      It would probably be easier if we let people use nonsensical pass-phrases instead of continuing to make it more difficult. I could walk around any government office, or business and probably find 90% of the passwords in no time. With that they'd be some form of incomprehensible jibberish that no one could remember unless they were using it for everything.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I don't understand what it being 2014 has to do with anything. Do we expect humanity to get smarter about passwords every year?

    • by ackthpt (218170) on Wednesday January 22, 2014 @06:01PM (#46040821) Homepage Journal

      Create a password: password

      Everyone is using "password." We need to stop that.

      Create a password containing both letters and numbers: password1

      Everyone is using "password1." We need to stop that.

      Create a password containing numbers and both capital and lowercase letters: Password1

      Everyone is using "Password1." We need to stop that.

      Create a password containing numbers, both capital and lowercase letters and a special symbol: Password1!

      And so it goes.

      I was on an information system a few years back, if it didn't like your password, you couldn't use it and had to choose something more arcane. The downside of that is really nasty passwords, with changes of case, numbers and symbols end up written on Post-it notes and stuck on the fronts of computers.

      • by Moof123 (1292134)

        This.

        A point of frustration is that every gosh darn system has gotten idiosyncrasies about these extra characters, and the end result is bad practices.

        Somehow authentication needs to go away from the password, as it has been empirically proven many times over that people will screw it up. With dozens of accounts out there, all with slightly different rules for both username and password, I end up trying my top few burner combos and then go into the annoying reset pit of despair.

        My horrifying to me is Fidel

      • The downside of that is really nasty passwords, with changes of case, numbers and symbols end up written on Post-it notes and stuck on the fronts of computers.

        That's a social problem - one best solved via social means. Like disciplinary action via management.

        On the training side, we tell our users that it's fine to write passwords down in case they forget, but they need to be kept secure. Which means keeping them in your wallet next to your money, or in a safe-deposit box, or a lockbox.

        The importan
    • by mark-t (151149)
      How about "Create a mixed-case password at least 8 characters long, having at least one upper case letter that is not in the initial position, at least one lower case letter, and at least one digit and one special symbol that are not in either of the final two positions, and which contains no english word that is more than 4 characters"?
      • well, the constraints you put on the upper case letters, numbers, and special symbols should make it somewhat easier to brute force that password.
        • If users are selecting randomly from the set of possible passwords of a given length then adding more rules would reduce the average crack time.

          However by and large users don't do that. The trouble with having passwords like "at least one capital letter" is it has a habbit of translating into "exactly one capital letter in the first position" in the eyes of the users. Similar things apply to numbers and symbols, people are far more likely to put them at the end than in the middle. By ruling out the obvious

        • by mark-t (151149)
          Note that no constraints were made about the upper length of the password... only on its contents...and the restriction that I described on contents does not, in general, considerably simplify a brute-force checker (in fact, it would probably tend to complicate it). An 8 character password might be crackable in only a few seconds with today's fastest multicore GPU's, assuming that you knew in advance that it was not more than 8 characters... but without knowing the upper bounds of the domain to search, th
      • by Chemisor (97276)

        How about "I don't care enough about your stupid website to create yet another password just to download some mod file, so maybe I'll go to BugMeNot and see if somebody already created a damn account."

  • No surprise (Score:5, Insightful)

    by Dan East (318230) on Wednesday January 22, 2014 @05:37PM (#46040437) Homepage Journal

    Considering the internet is still used by the same set of people from 2013, and 2012, and 2011, etc, it shouldn't be surprising they're using the same kinds of crappy passwords.

  • ...that the decision to use such a password (or perhaps more correctly, the lack of a decision to utilize a good password) would usually just be a response to either a necessity or else a merely common convention of having one in a given context, and not out of any expectation that it actually offer any real protection for anything.
  • by wcrowe (94389) on Wednesday January 22, 2014 @05:42PM (#46040531)

    Let's call it what it is. It is not a list of the most common passwords used on the internet. It is a list of the most common passwords used at Adobe,.. maybe. They don't know what the Adobe passwords are right now. They cannot know all the passwords used on the internet, so they cannot know the most common ones used on the internet. It's a bullshit article written for morons.

  • our fault (Score:5, Insightful)

    by Tom (822) on Wednesday January 22, 2014 @05:45PM (#46040565) Homepage Journal

    Of course they do. Anyone surprised?

    One of the reasons (one, it's a complex topic) is that we, the security professionals, are too dense to properly explain things in a language the user understands correctly.

    For example, we tell them their password should be difficult to guess. But "guess" is the entirely wrong word to use, because it implies something that's not happening in the real world. When you say "guess" to a normal person, his mental image is that of some attacker thinking there, trying a few different things. What we experts mean is that some script will do 10,000 login attempts with a dictionary attack, or some hacker will check your pilfered password hash against a rainbow table.

    Quite a few regular users are seriously convinced that "123456" is a "hard to guess" password, because it wouldn't be their first or second guess for someone elses password.

    Here's what you need to do, IMNSHO:

    We've had several of these breaches with leaked passwords over the years. Collect them, take the top 10,000 or so passwords and put them into a list. Add that list to John with a simple (because you want to be fast) ruleset for permutations. When the user picks a password, run that in the background. And instead of telling him to use a "difficult to guess" password, tell him that you run the same program that some evil people use, and if it can crack his password, he needs to use a different one.

    Tell him that John needed 0.0253 (or whatever) seconds to crack his password, and show him the rule so he understands (e.g. "passw0rd" is a permutation of "password", the #2 most often used password).

    It'll take 20 minutes for him to find a password that works, and he'll have to write it down to remember it. Problem solv... oh, wait...

    Maybe, you know, the problem is in the method. Passwords suck.

    • by Obfuscant (592200)

      It'll take 20 minutes for him to find a password that works, and he'll have to write it down to remember it. Problem solv... oh, wait...

      Yeah, this.

      I hate sites that force password changes after a given amount of time. I comply, and then I change my password right back.

      One site I need to have access to goes one step further. They require regular changes and remember the last four passwords you've used. I have to write that one down. They're also the organization that sends regular emails to employees FROM AN OUTSIDE VENDOR reminding people that they need to log in with their company credentials to submit their mandatory timesheet. And the

      • by Tom (822)

        No, stupidity.

        Many IT people actually try, but they have no understanding for what this looks like from a regular users perspective. I've given talks on and consulted on the subject - I think I get through to the techies, but it does take some explaining to do, and it probably only works because I am one myself.

        I've worked in a large corporation with a 400 page security policy. The security and compliance departments were very proud of it. Some individuals within IT liked it a lot. Nobody else in the compan

      • <quote>

        They're also the organization that sends regular emails to employees FROM AN OUTSIDE VENDOR.</p></quote>

        I hate this SO much. Sometimes I can't even tell if it is a phishing email or not because they use some vendor never even heard of. What's even worse is if they don't even use your name / some other personable information so you can figure out if it might actually be legit or not. These aren't small companies either. I have received actual legit emails from EA, Dell, and some othe
    • by Ken D (100098)

      Yes they do. Especially when you require people to jump through hoops they do not want to jump through, like register to comment.

      At my office there is some complicated password policy, and they expire every 90 days. No one at my location has been able to compose an acceptable password from scratch. The only thing that works is to to subtly modify your existing password.

      We suspect that the unique password rule actually compares your new password against all passwords every used by anyone else in the compa

      • by PRMan (959735)
        Which is a goldmine for attackers, since they can verify that SOMEBODY at the organization is certainly using that password.
    • by tlhIngan (30335)

      One of the reasons (one, it's a complex topic) is that we, the security professionals, are too dense to properly explain things in a language the user understands correctly.

      or the problem is the websites in question are so damn full of themselves that they believe they have the keys to Fort Knox.

      I mean, a lot of my website passwords are ... "password" or "123456". I mean, who cares that some obscure blog or forum somewhere is using that password? They get compromised? So what? Oh yay, they can impersonate s

    • Re:our fault (Score:5, Insightful)

      by brunes69 (86786) <slashdot@@@keirstead...org> on Wednesday January 22, 2014 @06:35PM (#46041195) Homepage

      A much bigger reason is that no one gives a crap if someone knows their password to Adobe.com

      I am a security professional myself. You know what my password is for 1/2 the sites I have accounts on? 1234. Why? Because I don't care.

      The solution is identity federation. The whole concept that Adobe.com or Mom & Pop Blog have passwords at all is ridiculous. If they allowed OpenID logins and stuck nice Google / Facebook / Twitter / Yahoo / OpenID buttons on there then no one would need all these crappy passwords, they would just use their already created and secure federated ID.

    • It'll take 20 minutes for him to find a password that works, and he'll have to write it down to remember it. Problem solv... oh, wait...

      And even then he might come up with a way of permuting the word that your checking tool doesn't know about but the real crackers do.

    • by dbIII (701233)

      For example, we tell them their password should be difficult to guess. But "guess" is the entirely wrong word to use,

      Example - a tea drinker used "coffee" for their password. Combine that with the guy the system had been handed off too giving all new email users a shell account, making things "easier" by making the entire system read/write/execute for any user, opening up ssh for all users from anywhere and you have the story behind an owned box scanning the net for other vunerable systems.
      Last week a con

    • by ewibble (1655195)

      You are right passwords suck, people don't care, you can't make them care, people are bad at choosing them.

      Instead of constantly trying to force people choose good passwords, we need a way to make it simple for people to get good access keys. I like challenge response where the actual site doesn't even know your password, that way even if they do get hacked they still can't log in as you. They should 1 way hash your password anyway but you have no guarantee they do.

      No more picking/remembering passwords a co

    • Here's what you need to do, IMNSHO:

      "IMNSHO" isn't a bad password if that's what you need to do, but how about at least mixing the case up a little?

  • [face palm]
  • Fools! (Score:4, Funny)

    by the_skywise (189793) on Wednesday January 22, 2014 @05:53PM (#46040691)

    My password was Edoba123 !

    Ha! Capitalization, numbers, and a non dictionary word! STRONG PASSWORD!

    I am so smrt!

  • You don't need a "complex" password to have a strong password. You need a long password. Uppercase / lowercase / weird chars don't matter as much as sheer length in brute force attacks.

    https://xkcd.com/936/ [xkcd.com]

  • Luckily, (Score:5, Funny)

    by tpstigers (1075021) on Wednesday January 22, 2014 @06:01PM (#46040807)
    my cat's name is &%GRang876$%#lkkjhaeyluihjsdkaClghiu.
    • by sconeu (64226)

      Based on her response to the can opener, my cat's name is apparently "rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr"

  • Websites, corporate domains, and so on, still allow "password" and "123456".

    You can't use these silly passwords if there is a password-strength check that was set up with a bit of common sense.

  • Good news! (Score:4, Funny)

    by hamster_nz (656572) on Wednesday January 22, 2014 @06:53PM (#46041329)

    i'm going to use '123456' from now on. If somebody is knocking doors with that password, odds are they will access else's account before mine.

  • This is why I use PasswordMaker [passwordmaker.org]. I get a separate, secure password for every site, only have to remember a single password, (and a simple configuration) and don't have a list of passwords stored anywhere.

    I'm constantly advocating for it yet nobody ever listens to me...

  • They all vary (Score:5, Insightful)

    by speedlaw (878924) on Wednesday January 22, 2014 @07:14PM (#46041465) Homepage
    The reason passwords suck is: This one wants eight characters, with a symbol and letter This one wants eight characters, with NO symbols, and a letter This one wants upper and lower case letters This one wants upper and lower case with a symbol and number This one want upper and lower with no symbols. The formats change all the time, so it is no wonder that most people end up with a post it note stuck to the computer, or if stealthy, inside the draw.
  • Damn! (Score:5, Funny)

    by PPH (736903) on Wednesday January 22, 2014 @07:44PM (#46041727)

    They cracked my password. Now I'll have to change my dog's name again.

  • What's the bigger problem here - that people choose insecure passwords, or that the systems involved ALLOW them to choose known insecure passwords? Any password system these days should be able to disallow these common passwords out of the gate. If they can't be bothered to make sure their customer's password is difficult to crack, how can we believe that any other aspect of their security is up to par? I would note that most of the password leaks have come from folks that use insecure methods to hash or
  • by mtthwbrnd (1608651) on Wednesday January 22, 2014 @10:18PM (#46042713)

    Even to read some news site requires that you go through the stupid account creation process. I doubt that most are using these simple passwords for anything important, just for the stupid sites who are so full of their own self importance that the creators believe that at some stage in the future a huge corporation i going to offer them $100M for their database of users.

    Look, I bought a box to hook up to my tv to watch youtube on my tv. It requires me to enter a google email address. Well, I did not want to use my usual email address. What if I give the box to somebody Do I have to spend an hour trying to delete my account details from the stupid thing? So I did what everybody else does. I spent half an hour creating YET ANOTHER F*CKING GOOGLE ACCOUNT with a fake name and simple password (123456 or something like that so just so that I could use the thing.

    If you try to watch "Tayo The Little Bus" it asks you to sign in because apparently some idiot user has marked it as not "Age Appropriate" or some other nanny state BS like that.

    That is why there are so many "easy" passwords. Because the idiots in charge have created a situation where we have to have so many passwords.

Any sufficiently advanced technology is indistinguishable from a rigged demo.

Working...