The Unexpected Word That Shows Up on Every Hacked-Password List

iStock
iStock

Every year, security-focused companies like SplashData release lists of the year's most hacked passwords, inevitably prompting us to ask, "Why would you make your password password?" In 2017, the most popular passwords list included longtime mainstays like 123456, qwerty, and, of course, password.

We get it, people aren't creative when they're coming up with their thousandth password. But WIRED (warning: paywall ahead) alerts us to one mainstay password that stands out from the pack, one that appears regularly on hacked password lists but has none of the obvious origins of passwords like hello or login. People love to make their password—drum roll, please—dragon.

WIRED investigated just why so many internet users use dragon to unlock their accounts, taking the question to password experts and security researchers.

Part of the reason, the magazine found, might just be related to the biases of these lists. They pull from leaked data from hacked sites, a dataset that doesn't always represent everyone on the internet. Depending on the user base of those hacked sites, the passwords also might represent specific groups (say, young dudes) who have more of a tendency to shout their love of fantastical winged reptiles from the rooftops.

The sites that get hacked and have their password data leaked to the world may not have had great security controls in the first place, either. Users might not have had to come up with extra numbers and special characters when generating a password. And the single-word dragon isn't as difficult for hackers to decode as some other passwords, so it's liable to be leaked. According to Keeper Security, many hackers can break a seven-digit password made up of upper- and lower-case letters and numbers in 10 seconds. Since dragon has already proved itself to be so popular, a hacker will probably go ahead and test that one out early.

Several people told WIRED they have used dragon as a password for years, just because, you know, they liked dragons. If you're a fan of Dungeons and Dragons, Harry Potter, Lord of the Rings, Game of Thrones, or, maybe even How to Train Your Dragon, dragon might be a super simple password to remember. And, because most people don't change their passwords as often as they should, you probably use it over and over again.

A similar reason might explain why words like football, monkey, and starwars often appear on these lists [PDF] year after year as well. People love football, monkeys, and Star Wars. Unfortunately, so do hackers.

Read the full rundown of why people love dragon—and why it's not a great way to protect the pile of gold that is your online data—here. As always, we will leave you with this reminder: Get a password manager. You don't want to end up as an embarrassing statistic on a password-shaming list.

[h/t WIRED]

You Can Now Order—and Donate—Girl Scout Cookies Online

It's OK if you decide to ignore the recommended serving size on a box of these beauties.
It's OK if you decide to ignore the recommended serving size on a box of these beauties.
Girl Scouts

Girl Scouts may have temporarily suspended both cookie booths and door-to-door sales to prevent the spread of the novel coronavirus, but that doesn’t mean you’ll be deprived of your annual supply of everyone’s favorite boxed baked goods. Instead, you can now order Thin Mints, Tagalongs, and all the other classic cookies online—or donate them to local charities.

When you enter your ZIP code on the “Girl Scouts Cookie Care” page, it’ll take you to a digital order form for the nearest Girl Scouts organization in your area. Then, simply choose your cookies—which cost $5 or $6 per box—and check out with your payment and shipping information. There’s a minimum of four boxes for each order, and shipping fees vary based on quantity.

Below the list of cookies is a “Donate Cookies” option, which doesn’t count toward your own order total and doesn’t cost any extra to ship. You get to choose how many boxes to donate, but the Girl Scouts decide which kinds of cookies to send and where exactly to send them (the charity, organization, or group of people benefiting from your donation is listed on the order form). There’s a pretty wide range of recipients, and some are specific to healthcare workers—especially in regions with particularly large coronavirus outbreaks. The Girl Scouts of Greater New York, for example, are sending donations to NYC Health + Hospitals, while the Girl Scouts of Western Washington have simply listed “COVID-19 Responders” as their recipients.

Taking their cookie business online isn’t the only way the Girl Scouts are adapting to the ‘stay home’ mandates happening across the country. They’ve also launched “Girl Scouts at Home,” a digital platform filled with self-guided activities so Girl Scouts can continue to learn skills and earn badges without venturing farther than their own backyard. Resources are categorized by grade level and include everything from mastering the basics of coding to building a life vest for a Corgi (though the video instructions for that haven’t been posted yet).

“For 108 years, Girl Scouts has been there in times of crisis and turmoil,” Girl Scouts of the USA CEO Sylvia Acevedo said in a press release. “And today we are stepping forward with new initiatives to help girls, their families, and consumers connect, explore, find comfort, and take action.”

You can order cookies here, and explore “Girl Scouts at Home” here.

Can't Find Yeast? Grow Your Own at Home With a Sourdough Starter

Dutodom, iStock via Getty Images
Dutodom, iStock via Getty Images

Baking bread can relieve stress and it requires long stretches of time at home that many of us now have. But shoppers have been panic-buying some surprising items since the start of the COVID-19 crisis. In addition to pantry staples like rice and beans, yeast packets are suddenly hard to find in grocery stores. If you got the idea to make homemade bread at the same time as everyone on your Instagram feed, don't let the yeast shortage stop you. As long as you have flour, water, and time, you can grow your own yeast at home.

While many bread recipes call for either instant yeast or dry active yeast, sourdough bread can be made with ingredients you hopefully already have on hand. The key to sourdough's unique, tangy taste lies in its "wild" yeast. Yeast is a single-celled type of fungus that's abundant in nature—it's so abundant, it's floating around your home right now.

To cultivate wild yeast, you need to make a sourdough starter. This can be done by combining one cup of flour (like whole grain, all-purpose, or a mixture of the two) with a half cup of cool water in a bowl made of nonreactive material (such as glass, stainless steel, or food-grade plastic). Cover it with plastic wrap or a clean towel and let it sit in a fairly warm place (70°F to 75°F) for 24 hours.

Your starter must be fed with one cup of flour and a half cup of water every day for five days before it can be used in baking. Sourdough starter is a living thing, so you should notice is start to bubble and grow in size over time (it also makes a great low-maintenance pet if you're looking for company in quarantine). On the fifth day, you can use your starter to make dough for sourdough bread. Here's a recipe from King Arthur Flour that only calls for starter, flour, salt, and water.

If you just want to get the urge to bake out of your system, you can toss your starter once you're done with it. If you plan on making sourdough again, you can use the same starter indefinitely. Starters have been known to live in people's kitchens for decades. But to avoid using up all your flour, you can store yours in the fridge after the first five days and reduce feedings to once a week.

SECTIONS

arrow
LIVE SMARTER