RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

[StDragon]

6 hours ago, Stahlmann said:

I'm at a point where it's just not physically possible to change passwords for every account every month or so. At least not if i plan to do anything else in my free time. The problem starts with needing 10 accounts if you want to fully use 10 websites. It's just not realistic to expect people to regularly change all their passwords anymore. There has to be a better solution?!

As posted prior, you don't need to change your password often. You should however use a unique password for each site.

 

As security becomes more complex to keep track of, so too will it become more abstract in managing the problem. That's why password manager services such as LastPass, Bitwarden, Dashlane, and 1Password exist.

[Bombastinator]

22 minutes ago, Caroline said:

 

 

I use Vim

^{because I love to suffer and don't even know how to close it}

 

About passwords I just set up something that only I could ever think of and no one else knows, oh and never ever use the save password option in any website or browser.

 

Bank security is horrible though, a 4-digit code is everything that prevents some hacker from accessing my account online, thankfully I always have less than $5 on my account so if anyone ever finds out what my pin is he's gonna be disappointed af

 

Is vim a continuation of vi?  I remember heated vi vs emacs debates which were mostly they do more or less the same thing in the end and whatever you learned on is fine.

Edited June 9, 2021 by Bombastinator

[Sauron]

On 6/8/2021 at 11:43 AM, HempBoosh said:

Nearly all online population is affected.

citation needed...?

[Pickles von Brine]

So I figured I would post this here:

https://chris.partridge.tech/2021/rockyou2021.txt-a-short-summary/

 

Quote

rockyou2021.txt flew on to the scene a couple days ago with significant news coverage:

• “Hackers expose 8.4 billion passwords online - your security is at risk,” howls Laptop, dying for clicks
• “This might be the mother of all password leaks, with billions of credentials exposed,” preaches Yahoo, missing the point entirely
• “Billions of passwords leaked online from past data breaches,” says TechRepublic, who are closest to the mark

The unfortunate truth is, the consumer security news cycle hasn’t bothered to check their notes before claiming Armageddon - again.

What is rockyou2021.txt?

rockyou2021.txt is a compilation of dictionaries, breached words, and probable passwords, released by kys234 on RaidForums (a forum often catering to cybercrime). The original thread is available here, and allows anyone (researchers, threat actors, oh my!) to download and redistribute this compilation.

But while rockyou2021.txt is a new compilation of many things, none of them are actually new. Here’s what’s inside:

• The CrackStation Dictionary - a compilation of known password leaks and old breaches, words in Wikipedia articles, and some books from Project Gutenberg.
• Hack3r.com’s Wikipedia Wordlist - another source of words appearing in Wikipedia.
• Daniel Meissler’s SecLists/Passwords - common words, permutations, default credentials, captured passwords from honeypots, and more - many separate entities to assist in password cracking attempts.
• berzerk0’s Probable-Wordlists - known passwords and dictionaries used in Ben’s research in password trends.
• Passwords from Weakpass - mostly wordlists and real passwords.
• COMB - the Combination of Many Breaches list (3.8 billion records) from earlier this year, another amalgam of known passwords this wasn’t itself a new breach, but made the news anyway.

… and a couple other minor sources, for a total of 8.4 billion records (after cleaning and deduplication).

While I have a screenshot of the original thread here in case it’s edited or removed, I wanted to write these out to make it clear that the majority of this compilation was already 100% free, 100% available, and therefore 100% not a reason to sound any alarms. In fact, none of this is new, any news provider that said you should change your passwords immediately due to the existence of rockyou2021.txt needs a slap on the wrist and a cold shower.¹

 

[vorticalbox]

On 6/8/2021 at 11:41 AM, Murasaki said:

100gb text file? Notepad is gonna need a decade to open that.

Most people don't have 100gb of ram to load the whole file