FIDO2 certification is paving the way for passwordless mobile security. Read more: https://zd.net/2VoiT0R
At first glance, ji32k7au4a83 seems a step-up from today’s most common and insecure passwords such as password1 or the infamous qwerty12345.
The random placement of letters and numbers could easily lead you to believe that the password has been crafted by an automatic system — such as complex password generators in browsers or by a dedicated password manager — but ji32k7au4a83 shows up far more than you would expect as a preferred password in online accounts.
Troy Hunt’s HaveIBeenPwned, a search engine which allows you to find out whether or not your credentials have been leaked in a data breach, revealed that ji32k7au4a83 has appeared in 141 data breaches to date, as reported by Gizmodo.
Robert Ou, a software engineer, spotted the trend and asked his Twitter followers why this particular password was appearing time after time, especially considering how random and complex it appeared to be.
The challenge was issued and it was not long before an answer was found: in a different language, ji32k7au4a83 translated into a password of such simplicity it was enough to make security pundits groan.
The reason begins with a Bopomofo keyboard, used in areas including Taiwan for translating Unicode-supported phonetic symbols used in languages such as Mandarin.
The most common way for the Taiwanese to type out Chinese characters is by using a Zhuyin Fuhao layout on such a keyboard, in which the picture string “我的密碼” is decoded into ji32k7au4a83, which translates to “my password” in English.
At first glance, ji32k7au4a83 may appear as a mystifying string of gibberish, but the lesson here is simple: lax account security can appear in any language.
It is always advisable to use complex strings of numbers, letters, capitals, and symbols — when allowed — in online accounts. If you have use more than a handful of online services, remembering complicated credentials can be difficult, and so using a password manager or vault is recommended.
A recent report on the security posture of today’s most popular password managers, including 1Password, Dashlane, KeePass and LastPass found that security in these programs themselves can be lacking if machines are compromised.
However, on balance of risk, it is still infinitely preferable to make sure your online accounts are as locked-down and secure as possible, given that online accounts are at far more risk of exploit than a password manager on an already malware-laden machine.
Previous and related coverage
Source Article from https://www.zdnet.com/article/the-reason-why-ji32k7au4a83-is-a-common-password/#ftag=RSSbaffb68
The reason why ji32k7au4a83 is a common and terrible password
Latest blogs for ZDNet
Latest blogs for ZDNet