Twitter bans 370 'obvious' passwords 01 Jan 2010
<http://www.telegraph.co.uk/technology/twitter/6906781/Twitter-bans-370-obvious-passwords.html>

The micro-blogging service rejects certain passwords when new users sign up if it thinks they are too easy to guess. However, bloggers recently discovered that the list of banned passwords is embedded in the source code of the page itself.

Banned terms include commonly chosen generic passwords, such as '123456', 'password' and 'password1', as well as car names ('porsche', 'ferrari') and football teams ('Chelsea', 'arsenal').

Perhaps predictably for a website popular with technology fans, science fiction terms figure in the list too. 'THX1138', the title of the first feature film directed by George Lucas of Star Wars fame, is banned, as is 'NCC1701' - the registry number of Star Trek's starship Enterprise - and 'trustno1', which was Fox Mulder's password in The X-Files.

Research has shown that people are often all too predictable when it comes to choosing passwords. In research published earlier this year, insurer CPP found that nearly half of Britons use the same password to login to their banking, shopping and social networking sites.

The research also found that one in five people use their pets' names for their passwords, while one in eight use memorable dates, such as birthdays, and one in ten use their children's names.

Security experts advise that a strong password should consist of letters, numbers and even punctuation symbols. They should be changed regularly and you should not use the same password for all your online services.

Regards,
Zuber.
_______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
