
PingTalk Blog

The forbidden password club of Brandy, Buster and Butthead


So RIM has given hackers a list of passwords they can strike from their dictionaries when they are attacking Blackberry users.

Ah, I mean, RIM has offered up a blacklist of passwords that blackballs comic stars such as Winnie the Pooh and Peanuts, a collection of popular sports and just about every kid's name you can recall from your third-grade class.

Jesus and the Mayans, however, remained no-shows.

The list is 106 no-nos buried in the inner workings of Blackberry 10 that was recently uncovered by RapidBerry and confirmed by RIM (which is not on the list, if you are wondering; Blackberry is).

RIM has a server-side version of this hacker-attacker list for the Blackberry Enterprise Server that corporate users can configure and expand. That is one helpful tool for a set of comprehensive password management policies, which also may include password composition and expiration cycles, or, ultimately, architectural changes such as SSO, federation and tokens.
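Here is how an administrator-extendable deny list of the kind described above fits into a password policy, as an added example that is not code from RIM, Blackberry or Ping Identity. The deny list is constructed from words the post names (not the real 106-entry list), the enterprise additions are hypothetical, and the check shows why a naive exact-string match is weak: "Baseball1" sails through it, while a check that normalizes case, common letter substitutions and trailing digits still catches it.

```python
import re
from dataclasses import dataclass

# Constructed sample deny list: words the post says are on the Blackberry 10
# list, not the actual list shipped in the OS.
DEFAULT_DENY = {"baseball", "football", "hockey", "soccer", "patrick",
                "pamela", "brandy", "buster", "butthead", "blackberry"}
# Hypothetical corporate additions, the way a BES admin would extend the list.
ENTERPRISE_DENY = {"pingtalk", "ctooffice"}

# Substitutions that cracking dictionaries already try, undone before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Lowercase, drop leading/trailing digits and punctuation, undo leet."""
    core = pw.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    return core.translate(LEET)


@dataclass
class Verdict:
    ok: bool
    reason: str


def check_password(pw: str, deny: set, min_len: int = 8,
                   exact_only: bool = False) -> Verdict:
    """Apply length, deny-list and composition rules; exact_only mimics a
    check that compares the raw string against the list and nothing more."""
    if len(pw) < min_len:
        return Verdict(False, f"shorter than {min_len} characters")
    if exact_only:
        hit = pw.lower() in deny
    else:
        norm = normalize(pw)
        # Whole-word match, or a longer deny-listed word embedded in the core.
        hit = norm in deny or any(len(w) >= 5 and w in norm for w in deny)
    if hit:
        return Verdict(False, "contains a deny-listed word")
    if not (any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw)):
        return Verdict(False, "needs both letters and digits")
    return Verdict(True, "accepted")


if __name__ == "__main__":
    for candidate in ("Baseball1", "B4seb4ll1!", "basketball2013", "Patrick"):
        print(candidate, check_password(candidate, DEFAULT_DENY | ENTERPRISE_DENY))
```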

The funny thing about the Blackberry 10 list is its randomness and arbitrary length. (Funny on one level because that sounds like a perfectly good way to concoct a password.)

As a test, I compared the Blackberry list to the list of my colleagues in our CTO office. It seems Patrick and Pamela are bad password choices. But somehow, Hans, John and Paul are as secure as the bank across the street.

Baseball, football, hockey and soccer made the list, but basketball appears zone-defense tight.

And Brandy, Buster, and Butthead couldn't escape scrutiny, just like in the third grade.

In fact, the only password that looks at first glance like it might pass muster in the face of a legit password policy is "ncc170", but if you're a geek it may be obvious why this is not a route to boldly follow.

While the Blackberry list is worth a grin and a nod, the intent is legit in the face of what was an epidemic this year: hackers stealing passwords by the millions.

Maybe 2013 is the time to bust up the club and consider tightening the reins.
