https://gizmodo.com/why-ji32k7au4a83-is-a-remarkably-common-password-1833045282
By Rhett Jones
Gizmodo.com
March 5, 2019
For too many people, moving the digits around in some variation of
Patriots69Lover is their idea of a strong password. So you might expect
something complicated like" "ji32k7au4a83" would be a great password. But
according to the data breach repository Have I Been Pwned (HIBP), it shows up
more often than one might expect.
This interesting bit of trivia comes from self-described hardware/software
engineer Robert Ou, who recently asked his Twitter followers if they could
explain why this seemingly random string of numbers has been seen by HIBP over
a hundred times.
Fun thing I learned today regarding secure passwords: the password
"ji32k7au4a83" looks like it'd be decently secure, right? But if you
check e.g. HIBP, it's been seen over a hundred times. Challenge: explain
why and how this happened and how this password might be guessed
— Robert Ou @ BSidesSF (@rqou_) March 1, 2019
https://twitter.com/rqou_/status/1101331385632022528?ref_src=twsrc%5Etfw
Have I Been Pwned is an aggregator that was started by security expert Troy
Hunt to help people find out if their email or personal data has shown up in
any prominent data breaches. One service it offers is a password search that
allows you to check if your password has shown up in any data breaches that are
on the radar of the security community. In this case, "ji32k7au4a83" has been
seen by HIBP in 141 breaches.
Several of Ou’s followers quickly figured out the solution to his riddle. The
password is coming from the Zhuyin Fuhao system for transliterating Mandarin.
The reason it’s showing up fairly often in a data breach repository is because
"ji32k7au4a83: translates to English as "my password."
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
