Serious question, why do we still tell people to use 'password123' as a test?

I saw a coworker set up a new system and use that exact phrase for a temporary login last week. It hit me that we're training bad habits from day one. Has anyone found a better phrase to use for those quick test accounts that doesn't teach the wrong thing?

4 comments

4 Comments

the_wesley2mo ago

Honestly that phrase is burned into everyone's brain at this point. Saw a security training video that actually used "ChocolateRain42" as their example strong password, which at least breaks the pattern. Makes you wonder who picks these defaults and why they stick around for decades. Maybe we should all just use song lyrics with numbers swapped in for testing.

taylorshah2mo ago

Remember my old router's default password was literally "changeme123" printed on a sticker.

jakejones24d ago

Read a thing recently about how router companies still use these dumb defaults because they test them on focus groups of non-tech people who want something they can type without looking at the keyboard. @the_claire is right that grandma needs simple, but "changeme123" is basically an engraved invitation for hackers. Saw another article where a security guy tested the top 50 router defaults and over half were still variations of "admin" or "password" from 2010. The song lyric idea works better honestly - a line from a Beatles song with some numbers mixed in is both easy to remember and actually secure.

the_claire2mo ago

Actually those default passwords make sense though. They're meant to be easy to reset for regular people, not security experts. What's a better option that grandma can actually remember?