0

I have been wondering if all my online and wifi passwords are complex enough.

So to test this I was checking if the password was already present on the rockyou.txt wordlist.

If the password is not present in the wordlist, then can I conclude that my password is complex enough?

ng.newbie
    It's best to generate passwords randomly, so that each password is as unique as possible. See https://security.stackexchange.com/questions/215764/password-generator-and-password-limitations for simple ways to generate random passwords. – mti2935 Apr 26 '20 at 15:48

3 Answers

9

TL;DR: No. It only means nobody on that list has the same password as you.

Stop right here, install a password manager, then come back.

Done? Good.

That list was from a company (RockYou) that stored all passwords in the clear. No matter if someone had a 64 byte password, with a mix of symbols, letters, numbers, capitals, and unicode chars, if he had an account at RockYou, the password leaked. And that wordlist is used on lots of brute-force tools, so it will be used on emails, routers, Active Directory accounts, and everything on the internet that uses a login and password for authentication.

That's why everyone needs a password manager. No exceptions. It solves the two most prominent issues with passwords: weak passwords, and password reuse.

If your password is weak, it was used by lots of people too. So a leak like RockYou will mean your simple password is leaked, and a service you use will probably be compromised.

If you reuse passwords, no matter how complex the password is, some day the password leaks, and every service you use can be attacked.

A password manager solves both problems: creates long, complex and unique passwords for every service, and requires you to only remember the master password. They are not perfect, they can have security issues, but not using a password manager is the equivalent of saying that bridges can collapse, so you will swim across the river.

ThoriumBR
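As an added example (not code from the question or from any answer): a small Python check showing why "not in the wordlist" carries no strength information, next to a random generator whose strength comes from how the password was produced. The wordlist sample, the substitution table and the function names are constructed for this illustration; rockyou.txt itself is not loaded.

```python
import math
import secrets
import string

# Constructed stand-in for a handful of wordlist entries (not the real rockyou.txt).
SAMPLE_WORDLIST = {"password", "iloveyou", "princess", "dragon", "monkey"}

# Undo common character substitutions before comparing (assumed table, for illustration).
UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                        "0": "o", "$": "s", "5": "s", "7": "t"})

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def audit(candidate, wordlist=SAMPLE_WORDLIST):
    """Return 'listed', 'derived' or 'not found' for a candidate password."""
    if candidate in wordlist:
        return "listed"
    # Drop a trailing run of digits/symbols, then normalise case and substitutions.
    base = candidate.rstrip(string.digits + string.punctuation).lower()
    if base in wordlist or base.translate(UNLEET) in wordlist:
        return "derived"
    # 'not found' is NOT a strength verdict: weak and strong passwords both land here.
    return "not found"


def generate(length=20):
    """Random password from a CSPRNG, as a password manager would produce."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password; valid only for generated passwords."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ["iloveyou", "Dragon2020!", "P@ssw0rd", "qwertyuiop2020", generate()]:
        print(f"{pw!r:26} -> {audit(pw)}")
    print(f"20 random chars: {random_entropy_bits(20):.1f} bits")
```

`qwertyuiop2020` and the generated password both come back as "not found", which is the point: the lookup cannot tell them apart, only the generation method can.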
1

Answer is no.

Hackers generally make custom password lists for specific users. Don't take hackers for granted, they have incredible social engineering skills which allow them to collect a lot of valuable information about a person.

RockYou contains passwords which newbies often use (common passwords).

If you want to make a strong password, remember to include random uppercase letters, lowercase letters, numbers and symbols, and it must be longer than 15 characters.

  • "Hackers generally make custom password list for specific users" - citation needed ... Because, no, they don't do that *generally*. – schroeder Apr 29 '20 at 20:26
-1

Definitely not. Rockyou.txt is just a list of stolen passwords ...

schroeder
S3jp4kCZE