
"McDonald's Netherlands operations took the opportunity on Sunday to let customers know that, when it comes to choosing a password that's easy to remember, they ought not to pick the names of its products like hundreds of thousands of other people around the world. Drawing on data from Have I Been Pwned, McDonald's said that "bigmac" and its leetspeak variants were found more than 110,922 times in the site's compromised password corpus. Other products, like "happymeal," "mcnuggets," and the generic-but-still-applicable "frenchfries" were also common, and when special character substitutions are included they occur even more frequently."
"It's not unusual for internet users to take an easy-to-remember word or two and swap out an @ for an A, a 1 for an I, or other substitutions - which is part of the point McDonald's is trying to make. Simple character substitution may have been good advice back at the turn of the century, but nowadays world+dog knows the basic rules for such swaps, meaning they're not a great idea, and a brute-force attempt to crack an account is going to have all of those substituted passwords in its dictionary of stuff to try."
Change Your Password Day prompted messages urging stronger passwords. McDonald's Netherlands warned that product names and their leetspeak variants appear frequently in compromised password lists. Data from Have I Been Pwned showed "bigmac" and its variants occurring more than 110,922 times; other terms such as "happymeal," "mcnuggets," and "frenchfries" are also common, and counting character substitutions raises the totals further. Public ads and subway posters gave examples like Ch!ck3nMcN4gg€t$ and the slogan "You're lovin' it, but hackers too." Simple character substitutions are widely known and are included in brute-force dictionaries, so they add little protection. Stronger defenses include long passphrases, randomized passwords, biometrics, MFA, and password managers.
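The defensive counterpart of that point, as an added example that is not from the article or from McDonald's: a sign-up check that maps leetspeak characters back to the letters they stand for and rejects a password that hides a blocklisted word. The substitution table, the function names and the one-mismatch tolerance are assumptions made for this illustration; the blocklist holds only the four product names quoted above.

```python
"""Reject passwords that are a blocklisted word in leetspeak disguise."""
import unicodedata

# Constructed table (assumption, not exhaustive): symbol -> letters it commonly replaces.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i", "€": "e", "+": "t"}

# Product names quoted in the article; a real deployment would load a larger list.
BLOCKLIST = ("bigmac", "happymeal", "mcnuggets", "frenchfries")


def candidates(ch):
    """Letters a single password character may stand for."""
    ch = ch.lower()
    return LEET.get(ch, ch)


def matches_at(password, start, word, max_mismatch):
    """True if `word` fits the password window at `start`, allowing a few misses."""
    misses = 0
    for offset, letter in enumerate(word):
        if letter not in candidates(password[start + offset]):
            misses += 1
            if misses > max_mismatch:
                return False
    return True


def blocked_word(password, blocklist=BLOCKLIST, max_mismatch=1):
    """Return the blocklisted word hidden in `password`, or None.

    max_mismatch=1 tolerates one unusual swap (the poster's "4" for "u"),
    at the cost of also flagging near-misses such as "bigman".
    """
    password = unicodedata.normalize("NFKC", password)
    for word in blocklist:
        # Slide the word over the password so prefixes and suffixes do not hide it.
        for start in range(len(password) - len(word) + 1):
            if matches_at(password, start, word, max_mismatch):
                return word
    return None


if __name__ == "__main__":
    for pw in ("b1gm@c", "Ch!ck3nMcN4gg€t$", "correct horse battery staple"):
        print(repr(pw), "->", blocked_word(pw))
```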
Read at Theregister