Enabling Secure Business Operations

Twitter bans “obvious” passwords

Today Threatpost sent me to a news article reporting that Twitter is protecting against bad passwords by checking for them. The list of bad passwords is contained right in the source of the signup page (line 282 in the current source of that page). This raises two questions in my mind:

1) Where did Twitter get this list? Was it their own creation, or is it based on, say, the 370 most commonly used passwords on Twitter? Is Twitter making any users who use one of these passwords change their password? If I were to, say, hack the source of the signup page, could I still sign up with a ‘banned’ password?

2) What passwords *should* be on the list, but aren’t? One of my favorite test passwords, “asdf;lkj”, isn’t on there. What password do you think should be banned, but isn’t? Let us know in the comments.
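
The last question under 1) is why a banned list has to be enforced on the server too: a check that lives only in the page source protects nothing once that page is edited or bypassed. The sketch below is an added example, not Twitter's code or anything from the original post; the function names and the short `BANNED` sample are assumptions, and it goes beyond a fixed list by also flagging keyboard walks such as “asdf;lkj”.

```javascript
// Server-side password policy check (added example, not Twitter's code).
// BANNED is a short constructed sample, not the list from the signup page.
const BANNED = new Set(["password", "123456", "qwerty", "letmein", "twitter"]);

// US-QWERTY rows, used to spot keyboard walks such as "asdf;lkj".
const ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"];
const KEY_POS = new Map(); // key -> [row, column]
ROWS.forEach((row, r) => [...row].forEach((ch, c) => KEY_POS.set(ch, [r, c])));

// Compare on a normalized copy so case or stray spaces do not rescue a banned word.
function normalize(pw) {
  return pw.normalize("NFKC").trim().toLowerCase();
}

// True when the whole password consists of runs (each >= minRun keys) of
// horizontally adjacent keys on one row, typed left-to-right or right-to-left.
function isKeyboardWalk(pw, minRun = 3) {
  if (pw.length < minRun) return false;
  let runLen = 1, dir = 0;
  for (let i = 1; i < pw.length; i++) {
    const a = KEY_POS.get(pw[i - 1]);
    const b = KEY_POS.get(pw[i]);
    if (!a || !b) return false; // a key outside the rows breaks the pattern
    const step = a[0] === b[0] ? b[1] - a[1] : NaN;
    if (Math.abs(step) === 1 && (dir === 0 || step === dir)) {
      dir = step;
      runLen++;
    } else {
      if (runLen < minRun) return false; // previous run was too short
      runLen = 1;
      dir = 0;
    }
  }
  return runLen >= minRun;
}

// Hypothetical signup check. The server runs it on every request, whether or
// not the browser ran its own copy of the list first.
function checkSignupPassword(rawPassword) {
  const pw = normalize(String(rawPassword ?? ""));
  if (pw.length === 0) return { ok: false, reason: "empty" };
  if (BANNED.has(pw)) return { ok: false, reason: "banned" };
  if (isKeyboardWalk(pw)) return { ok: false, reason: "keyboard_walk" };
  return { ok: true, reason: null };
}
```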
