So then reuse and get hijacked. See if anyone else cares?

If you can't understand why having a unique strong password is a good thing, then stop using the internet entirely.

Almost every service has that requirement now.

Every service worth its salt rejects passwords found on top 100 or even 1000 of common passwords.

If your password is "password", "123456", "secret" ... you might as well not have one at all.

Yeah, if you think kurvadrat1! is commonly used password.... I dunno mate, I use Uplay, Gog, has accounts all over the gaming websites but NEVER had this kind of problems. It is just wasting my time, even though I have mobile phone verification this ♥♥♥♥ is still there....!!!

Yes, lets use commonly used profanity as a password.

Good grief.

Telling us your password is probably not the smartest move.

Other commonly rejected passwords are your username in whole or part or your email address.

johndoe@example.com for example would not be allowed to use johndoe666 as password. Including common leet speak substitutions.

Use a password manager such as keepass and the like. Secure all your passwords with 1 master password. As long as you remember your master password and backup the key database regularly you won't ever forget your password again. They can also generate random strings as passwords which can't be cracked easily with dictionary attack.

Or pick a password you'll remember and put two or three characters around each side - like () _ * ! - makes it a stronger password yet still easy to remember _(*password*)_ for example...

Originally posted by NS Plover:

Or pick a password you'll remember and put two or three characters around each side - like () _ * ! - makes it a stronger password yet still easy to remember _(*password*)_ for example...

I like using a combination of "leet speak", symbols and alternating capitals. So, for example, a password might look like: R4gN@_13lo0D3dGe

When I go to log in I'd remember that its Ragna Bloodedge, just gotta remember if I started with a Cap or not lol. IMO, a dictionary attack isn't going to crack that anytime soon.

Originally posted by Setzway:

a dictionary attack isn't going to crack that anytime soon.

It will. LeeSpeak is so commonly used for passwords that it has long been incorporated into common attack patterns. FFS it was used to circumvent spam filters in the 90s. LeetSpeak itself was created in the 80s. That's almost 40 ♥♥♥♥♥♥♥ years ago.
It's as safe as using "654321" and "p4$$w0rd" is one of the most common passwords.

Plus using brackets resets password guess attempts. Wait, that's fallout.

That password is in this list: https://haveibeenpwned.com/Passwords
Steam probably downloads this list and pick the ones that are used more than X times.

Originally posted by cinedine:

Originally posted by Setzway:

a dictionary attack isn't going to crack that anytime soon.

It will. LeeSpeak is so commonly used for passwords that it has long been incorporated into common attack patterns. FFS it was used to circumvent spam filters in the 90s. LeetSpeak itself was created in the 80s. That's almost 40 ♥♥♥♥♥♥♥ years ago.
It's as safe as using "654321" and "p4$$w0rd" is one of the most common passwords.

The thing is It's not entirely ineffective. It's a matter of what you choose to apply leet speak to. Apply it to an uncommon word like 'clandestine' to turn it into something like 'Cl@nd3st1n3' and you've got something pretty confounding.

The joke is. no onee uses dictionary attacks against web accounts. They just use packet sniffers and keyloggers.

Originally posted by Start_Running:

Originally posted by cinedine:

It will. LeeSpeak is so commonly used for passwords that it has long been incorporated into common attack patterns. FFS it was used to circumvent spam filters in the 90s. LeetSpeak itself was created in the 80s. That's almost 40 ♥♥♥♥♥♥♥ years ago.
It's as safe as using "654321" and "p4$$w0rd" is one of the most common passwords.

The thing is It's not entirely ineffective. It's a matter of what you choose to apply leet speak to. Apply it to an uncommon word like 'clandestine' to turn it into something like 'Cl@nd3st1n3' and you've got something pretty confounding.

Yeah, now throw some more symbols or seperate it using brackets or something and it gets even more complicated. "Cl@[nd]_3st1-n3"

This is why I brought up using multiple things in combination to help create a strong password. Sure, "2gNyC]938u}1H5m" may be a strong password but no normal/average person is going to remember that...

So they get Password Managers ... which have proven to have flaws or not be as secure as people think. Remeber LastPass being hacked, twice? Managers are a great tool but they can be compromised too.

Originally posted by Start_Running:

The joke is. no onee uses dictionary attacks against web accounts. They just use packet sniffers and keyloggers.

That's probably why I like the idea of using "Virtual Keyboards".

Though I'm of the belief that anything can be hacked given enough time. I mean, theorectically some dude can sit there with a bot slamming away for a password login.... 'Course I also believe safe browsing habits and using a ScriptBlocker on your Web Browser goes a much farther way to avoid getting compromised. Then again, I'm biased since literally nothing I've had in ~20 years has been compromised. Well, except my PSN but that was Sony's fault.(good thing I didn't use my CC on it and only used paid cards lol)

A password isnt safe 63c4u53 its hard to type.

Use more than one word and space instead. With a sign and number. Maybe put a mistake in the word. Or use two languages.