Twitter Bans 370 Passwords: Too Easy to Hack

If you’re one of the many who protects your identity with the password “doctor”, “ferrari”, “peanuts”, “startrek” or the particularly ambiguous “password123”, no longer will you be able to sign up to a new Twitter account with your usual catchphrase.

In the face of new hacks and bots roaming the net to steal passwords to gain access to social network identities, Twitter has taken the step to ban 370 of the most common passwords used, in an attempt to make the micro-blogging site safer. A full list is below.

What we’ve noticed from the list is that there is a definite sci-fi / sporting theme to how people choose their secret password identity. “chelsea” and “arsenal” are on the list, as well as “THX1138” (George Lucas’s first film), “NCC1701” (the registry number of the Star Trek Starship Enterprise) and Fox Mulder’s X-Files password “trustno1”.

The move comes as photo sharing site Rock You is being sued in the US for failing to implement adequate network security to protect customer data, allowing a hacker to infiltrate the site and make away with 32 million passwords in December last year.

If you haven’t heard of Rock You and think you may not be affected, think again as the company is in charge of online apps such as “SuperWall” on Facebook and “Slideshow” on MySpace.

Twitter’s security move comes as the Telegraph reports that almost 16 million web enthusiasts reuse the same password for most websites they need to log on to.

The Telegraph reports that 1 in 10 users log in with memorable dates, kids’ names and mothers’ maiden names, while 1 in 5 of us use our pet’s name every time we want to access our email. Judging by how many dogs in my area respond to “Bailey”, this may not be the way to go for future passwords.

We’ve looked at the list of banned Twitter passwords, but haven’t been able to post them all here as quite a few of them are a touch on the rude side. Instead we’ve listed a selection of common passwords not quite stealth enough for Twitter.

If you see your password in the list below, it may be time for a rethink as there are quite a number of people out there who are just as original as yourself.

BANNED TWITTER PASSWORDS:

111111
1234567
aaaaaa
abcdef
abgrtyu
access
access14
action
albert
alexis
amanda
andrew
angela
apollo
asdfgh
austin
badboy
bailey
banana
baseball
batman
beavis
birdie
biteme
blazer
bond007
bonnie
booboo
boston
brandy
braves
brazil
broncos
bulldog
butter
calvin
cameron
canada
captain
carter
casper
charles
charlie
cheese
chicago
chicken
cocacola
coffee
compaq
computer
cookie
cooper
cowboys
crystal
dallas
daniel
danielle
debbie
dennis
diablo
diamond
dolphins
donald
dragon
dreams
driver
eagels
edward
einstein
extreme
falcon
fender
firebird
fishing
florida
flower
football
forever
freddy
freedom
(there are a series of rude words that enter here alphabetically which I will gloss over)
gandalf
gateway
gemini
george
giants
ginger
golfer
gordon
guitar
hammer
hannah
harley
heather
helpme
hockey
hotdog
hunter
iceman
iloveyou
internet
jackson
jaguar
jasper
jennifer
jeremy
jessica
johnny
jordan
joseph
joshua
junior
justin
killer
knight
ladies
lakers
lauren
leather
legend
letmein
little
london
lovers
maddog
maggie
magnum
marlboro
martin
master
matrix
matthew
maverick
maxwell
melissa
mercedes
merlin
mickey
midnight
miller
mistress
monica
monkey
monster
mother
mountain
muffin
murphy
mustang
naked
nascar
nathan
naughty
newyork
nicholas
nicole
oliver
orange
parker
password
password1
password12
patrick
peaches
pepper
phantom
please
pookie
porsche
prince
princess
private
purple
qazwax
qwerty
qwertyui
rabbit
rachel
racing
rainbow
rebecca
richard
robert
rush2112
russia
samantha
sandra
saturn
scooby
scorpio
scorpion
secret
shadow
shannon
sierra
silver
skippy
slayer
smokey
snoopy
soccer
sophie
spanky
spider
starwars
steven
sticky
stupid
success
summer
superman
surfer
swimming
sydney
tennis
teresa
tester
testing
theman
thomas
thunder
tiffany
tigers
tigger
tomcat
topgun
toyota
travis
trouble
twitter (really guys!?!)
united
victor
victoria
viking
voodoo
voyager
walter
warrior
welcome
whatever
william
willie
wilson
winner
wizard
xavier
xxxxxx
xxxxxxxx
yamaha
yellow
zxcvbn
zxcvbnm
zzzzzz
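
A signup-time check in the spirit of the ban described in this article, as an added example rather than Twitter's own code: it runs on the server, folds case, and also rejects a banned word with digits or symbols tacked on the end. The function names, the form fields and the short BANNED sample (taken from passwords named on this page) are assumptions for illustration.

```javascript
// Constructed sample of the denylist: a few passwords named on this page,
// not Twitter's full 370-entry list.
const BANNED = new Set([
  "111111", "1234567", "password", "password1", "password12", "password123",
  "qwerty", "letmein", "trustno1", "thx1138", "ncc1701", "twitter", "bailey",
]);

// Fold Unicode compatibility forms and case so that "THX1138" or a
// full-width spelling compares equal to its list entry.
function normalize(password) {
  return password.normalize("NFKC").toLowerCase();
}

// Forms to look up: the normalized password, plus the same string with a
// trailing run of non-letters removed ("bailey111" -> "bailey").
function candidates(password) {
  const base = normalize(password);
  const stem = base.replace(/[^\p{L}]+$/u, "");
  return stem && stem !== base ? [base, stem] : [base];
}

function checkSignupPassword(password) {
  if (typeof password !== "string" || password.length === 0) {
    return { ok: false, reason: "empty" };
  }
  if (candidates(password).some((form) => BANNED.has(form))) {
    return { ok: false, reason: "banned" };
  }
  return { ok: true, reason: null };
}

// Hypothetical signup handler. Any "already checked in the browser" flag in
// the form is ignored: a check that only runs client-side can be skipped,
// so the server repeats it before creating the account.
function handleSignup(form) {
  const verdict = checkSignupPassword(form.password);
  return verdict.ok
    ? { status: 201 }
    : { status: 422, error: `password rejected: ${verdict.reason}` };
}
```

A denylist this small only removes the most obvious guesses; the same lookup works unchanged against a much larger list loaded into the Set.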

Are there any other obvious ones you can think of that Twitter has missed out on? Leave us a comment (or send us a Tweet!) and let us know.



15 Responses to “Twitter Bans 370 Passwords: Too Easy to Hack”

  1. Ano-Nym says:

    Thanks. Now someone is using this list for bruteforcing every g-mail, hotmail, facebook, twitter account out there. And some of my friends are closed out.

  2. Jason says:

    It’s actually a good thing that this list has been provided so we know what passwords to avoid.

    If your friends are thick enough to continue to use an obvious password when sites like Gmail and Facebook rate password strengths and provide stronger suggestions using numerals as well as letters, then it’s their own fault that their account gets broken into.

  3. FedUp says:

    Please use a complex password consisting of at least but not limited to one capital letter and one number and where the site will allow at least one symbol. And for crying out loud nothing that makes an actual word.

  4. Prathap R says:

    Well, 370 is quite a low number. A cracker would use a password dictionary that has many more passwords than just 370.

  5. sis sheila says:

    Tell me more Prathap R.

  6. Dave says:

    For a slightly larger list (500 worst passwords), look here:

    http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time#

  7. Tom Corwine says:

    An easy way to see the whole list: Click “sign up now” on the Twitter homepage, then view source. This ban-list is implemented in JavaScript (although, they could be doing server-side validation, too).

  8. celine says:

    This is a great blog and very engaging too. Excellent work! That’s not really much coming from an amateur publisher like me, but it’s all I could think after enjoying your posts. Excellent grammar and vocabulary. Not like other blogs. You really know what you’re talking about too. So much that you made me want to explore more. Your blog has become a stepping stone for me, my friend. Thank you for the articulate journey. I really enjoyed the 4 posts that I have read so far.

  9. John B says:

    You can pretty much say that “111” on the end of all of those should have been banned too. I can’t stand it when our end users here change their existing password by one digit (example11, example12). They should force random passwords and be at least 16 characters long. Also, a lot of people don’t log into their machine either. Most leave them unlocked or being able to login without a password. So, when they do have to use the password, they forgot it, since it was 14 months ago when they made their computer password. Stop using car brands, stop using birth dates. A lot of that information is public domain.

Trackbacks/Pingbacks

  1. [...] Working with websites, content management systems, and secure data, you get to see your fair share of passwords. Over the years we have educated customers about why their passwords need to be better than ‘password’ or ‘bill’ and should be hard to guess. Using a service like GoodPassword will help you generate a more secure password with random letters, case, numbers, and symbols. Of course, it’s not going to generate the kind of password you will be able to remember (which is a good thing). Some online services like Twitter have taken measures to prevent users from creating passwords that are too common or not secure. [...]

  2. [...] allow users to use passwords like “password” or the not-much-safer “password1.” Recently, a list of passwords banned by Twitter leaked onto the Web, shown here as the full code. This is a good idea (the list, that is, not the [...]