Let's Talk About Your Passwords... 2026 edition
- Luc Labonte
- Jan 7
It's a brand new year and I hope everyone had a safe and restful holiday!
Now, I just wanted to give you all a little stress to get you back into the swing of things. Here is the list of most common passwords for 2025: https://nordpass.com/most-common-passwords-list/

If you have a business or personal password on that list, the amount of time it takes to get into that account is less than a second. Depending on your Multi Factor Authentication method in place, it can be bumped up to 2 seconds.
There are 2 fun methods of MFA bypass: one is the spray, the other is MFA spamming.
Spray - MFA codes are typically 6 digits, meaning there are 999999 possible outcomes, so if you send 999999 requests at the exact same time, one of them will be a success.
MFA spamming - If you are using app approval, the attacker uses a script that will send the entry request to your phone once every few minutes; most people will get so fed up with it that they will eventually approve it.
We live in a world of cardboard that is painted to look like iron. Please make sure that you are using the ETSLSG password process:
1. Find your favourite song, poem, scripture, string of insults, grouping of words you find beautiful. We want it over 14 characters, but super easy to remember.
2. M@ke_it.l00k,l1k3-th1s
Replace certain characters with other characters, but keep it easy for you to remember.
3. Write it down where you know it will not be peeked at by people you don't want looking at it, like your favourite book no one else likes or, even better, a paid password keeper (NordPass, 1Password, etc.).
3a. Password keepers built into most browsers (Chrome, Edge, Firefox) are not secure. You want to make sure that the one you choose is using at least 256 or 512 AES or RSA encryption, which you can usually find on that company's website describing the product; if it's not there, they don't have it.
4. Have MFA enabled, because the setup to send a million MFA tokens is actually really expensive to set up, and they need to have your password to even get to that point anyway.
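
Both MFA bypass methods described above leave a pattern in sign-in logs: a burst of failed code entries, or repeated push prompts followed by an approval. The following is an added example, not part of the original post, that flags both; the event format, result values and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, factor, result). Not real log data.
# Field layout and result values are assumptions, not any vendor's log schema.
SAMPLE_EVENTS = (
    [(f"2026-01-07T09:00:{s:02d}", "alice", "otp", "fail") for s in range(0, 60, 10)]
    + [(f"2026-01-07T09:{m:02d}:00", "bob", "push", "timeout") for m in (0, 3, 6, 9)]
    + [("2026-01-07T09:10:00", "bob", "push", "approved"),
       ("2026-01-07T09:20:00", "carol", "otp", "fail"),
       ("2026-01-07T09:20:30", "carol", "otp", "ok"),
       ("2026-01-07T11:00:00", "carol", "push", "approved")]
)

def flag_mfa_abuse(events, window=timedelta(minutes=10), otp_fail_limit=5, push_limit=4):
    """Return {user: set of findings} for code guessing and push-prompt spamming."""
    otp_fails = defaultdict(deque)  # user -> times of recent failed code entries
    pushes = defaultdict(deque)     # user -> times of recent unapproved push prompts
    findings = defaultdict(set)
    for ts, user, factor, result in sorted(events):
        now = datetime.fromisoformat(ts)
        # Drop anything older than the sliding window before counting.
        for q in (otp_fails[user], pushes[user]):
            while q and now - q[0] > window:
                q.popleft()
        if factor == "otp" and result == "fail":
            otp_fails[user].append(now)
            if len(otp_fails[user]) >= otp_fail_limit:
                findings[user].add("otp_guessing")
        elif factor == "push" and result in ("denied", "timeout"):
            pushes[user].append(now)
            if len(pushes[user]) >= push_limit:
                findings[user].add("push_spam")
        elif factor == "push" and result == "approved":
            # An approval right after a burst of ignored prompts should be
            # treated as a likely compromise, not as a normal sign-in.
            if len(pushes[user]) >= push_limit:
                findings[user].add("approved_after_push_spam")
            pushes[user].clear()
    return dict(findings)

if __name__ == "__main__":
    for user, hits in sorted(flag_mfa_abuse(SAMPLE_EVENTS).items()):
        print(user, sorted(hits))
```

The same counters can drive lockout or throttling rather than just alerting, which is what makes the million-guess spray impractical in the first place.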

