home / blog / podcasts / notes / photos / about / more

Random passwords

Not easy to see

Posted by Jeena

I once used a password which our IT department gave me, it was !'a;@,oq and at least to me it looked random enough. I had it as a root password on a server and I enabled password login for about 2 minutes because I wanted to resize some virtual hard drive or something and couldn't be logged in as a normal user to then switch with su to root, because then the normal user would have open file descriptors on the file system and I wouldn't be able to unmount or something.

Within those 2 minutes a Chinese hacker scripts took over the server and started DDosing some Chinese IP addresses. We had to shut the server down, blast it and set it up from scratch again.

I later found out that this password was everything but random. It was difficult for me to see, because I've been using Dvorak for a couple of years now and didn't see the pattern that it was just the first two columns of the characters on a qwerty keyboard. So actually it was: !qaz@wsx (I just put the Dvorak version on top of the post to give you the same unknown feeling for the password which I had back then.)

I've never reused any passwords since then and always create new ones with my password manager.

That was originally my reaction to a Tweet discussed on HN.

1 Mention

Jacky Alcine

Have you written a response? Let me know the URL:

There's also indie comments (webmentions) support.