T
4

That "secure" password I thought was genius backfired hard

I thought I was being clever by using a passphrase based on a Lord of the Rings quote with numbers swapped in. Then my buddy who works IT at a place in Austin ran it through a cracking tool for fun and said it got broken in under 3 minutes because it matched a pattern from a 2017 data breach. I learned the hard way that just making something long isn't enough if it's built from common words or phrases. Has anyone else had a "creative" password idea blow up on them like that?
3 comments

Log in to join the discussion

Log In
3 Comments
knight.mason
Wow, that sucks. Always check if your "clever" phrase is already in a breach list.
6
danielb43
danielb4323d ago
That's assuming breaches only happen on old sites nobody uses anymore. Modern credential stuffing attacks pull from fresh leaks that get combined with real-time data from phishing campaigns. The real danger isnt just your password getting dumped, its that these lists get compiled into massive databases that criminals use to automate login attempts across hundreds of services at once. Even if your bank password is different from your gaming password, if someone figures out your "clever" phrase pattern they can guess variations across accounts. And once a pattern like replacing letters with numbers or adding common suffixes gets flagged, bots can adapt to it in seconds.
3
julia_carter70
Is it really that big of a deal though? Like yeah it sucks if your password gets leaked but most of those lists are from old breaches nobody cared about. Unless you're using the same password for your bank account and your Neopets login from 2005 you're probably fine.
2