Famous Passwords

from the Center for Password Sanity

http://www.smat.us/sanity/

One way to help people appreciate password selection is to refelct on the passwords chosen by others. The following table presents some notable password choices that appear on the historical record. Please feel free to contact me (smith@smat.us) if you know of a good example I've missed.

User's Name

Password

The Story

Joe, for example Joe, for example We use the term "Joe accounts" to refer to accounts where the password matches the user name. Studies of user password selection performed in the early 1990s found that about 3% of the accounts examined were "Joe accounts."

(various) password This was the password of choice at the Los Alamos National Laboratory, as reported by a government official who had been assessing computer security there, following reports of security irregularities with computer files by researcher Wen Ho Lee.

guest parc, maxc This was the "guest" account on the MAXC computer at the famous Xerox Palo Alto Research Center (PARC). Users on the ARPA Network could use this account to log on to the computer at PARC. They periodically changed the password between PARC and MAXC.

President Clinton Buddy This is the "secret" password used to protect the private key assigned to the President for producing a digital signature when signing the "E-SIGN" electronic commerce bill. The President evidently shared the password with the dignitaries and reporters who were attending the bill's signing. The password was his dog's name.

www.whitehouse.gov the0toky An example of a reasonably good password used in a critical application. This was the first password used for the "root" administrator on the firewall protecting the first public White House Internet connection. The administrator, Marcus Ranum, obscured things further by renaming "root" to be "mjr."

"Little Nicky" Scarfo nds09813-050 The password used to protect PGP-encrypted secret information that was alleged to describe criminal enterprises that Scarfo was involved in. The password is his father's prison ID number. The FBI recovered this password by planting software on his computer that recorded his keystrokes when he typed in the password.

"Steven Falken" JOSHUA The password used by actor Matthew Broderick in the 1983 film WarGames to gain access to NORAD. Of course, this isn't a password chosen by a real person, it was chosen by a Hollywood scriptwriter. But it does sound plausible, doesn't it?

Back to the Center for Password Sanity

Back to Rick Smith's Home Page

Richard E. Smith, rsmith@visi.com

Posted: 1/22/02

User's Name	Password	The Story
Joe, for example	Joe, for example	We use the term "Joe accounts" to refer to accounts where the password matches the user name. Studies of user password selection performed in the early 1990s found that about 3% of the accounts examined were "Joe accounts."
(various)	password	This was the password of choice at the Los Alamos National Laboratory, as reported by a government official who had been assessing computer security there, following reports of security irregularities with computer files by researcher Wen Ho Lee.
guest	parc, maxc	This was the "guest" account on the MAXC computer at the famous Xerox Palo Alto Research Center (PARC). Users on the ARPA Network could use this account to log on to the computer at PARC. They periodically changed the password between PARC and MAXC.
President Clinton	Buddy	This is the "secret" password used to protect the private key assigned to the President for producing a digital signature when signing the "E-SIGN" electronic commerce bill. The President evidently shared the password with the dignitaries and reporters who were attending the bill's signing. The password was his dog's name.
www.whitehouse.gov	the0toky	An example of a reasonably good password used in a critical application. This was the first password used for the "root" administrator on the firewall protecting the first public White House Internet connection. The administrator, Marcus Ranum, obscured things further by renaming "root" to be "mjr."
"Little Nicky" Scarfo	nds09813-050	The password used to protect PGP-encrypted secret information that was alleged to describe criminal enterprises that Scarfo was involved in. The password is his father's prison ID number. The FBI recovered this password by planting software on his computer that recorded his keystrokes when he typed in the password.
"Steven Falken"	JOSHUA	The password used by actor Matthew Broderick in the 1983 film WarGames to gain access to NORAD. Of course, this isn't a password chosen by a real person, it was chosen by a Hollywood scriptwriter. But it does sound plausible, doesn't it?