At Christianity Today I have a piece today about bad passwords that Christians use: Beware of Making Jesus Your Password. I’m pretty excited that they kept the line about soccer.
The main list of passwords comes from (1) taking this list, (2) removing non-alphanumeric and leading and trailing numbers, (3) lower-casing the result, and (4) combining the totals. In the raw list, “jesus” is the 103rd most-common password; by normalizing it with these steps, it jumps to #30. The purpose here is to find the core part of the password. It’s good from a security perspective that people add leading and trailing (mostly trailing) numbers to their passwords, but they’re not so relevant here.
The list of “Christian” passwords is based on a different breach of a faith-based website. I pulled a bunch of patterns from passwords that were popular there.
Here’s the data behind the piece:
- normalized-passwords.zip. A list of 238,000 passwords following the normalization scheme I describe above. Every normalized password from RockYou that appeared at least ten times is here. Note that there’s extensive swearing.
- christian-passwords.txt. All 505 Christian-themed passwords.
- verse-passwords.txt. All 295 plausible verse references. Not all of them are actually references: for example, “daniel14” could refer to Daniel 1:4 (or even Daniel 14), but it’s most likely just someone’s name with the number “14” after it. So I don’t include it in the top-25 list that appears at CT.
These are my favorite tweets about it:
@nicole_cliffe i am fishing for men while they are phishing for men.
— Ben Sharbaugh (@bsharbaugh) January 6, 2017
— Tim Sullivan (@t_t_t_timmy) January 6, 2017
Jesus welcomes all, which is not great for computer privacy:https://t.co/kKCiuLIbrB
— John Scalzi (@scalzi) January 6, 2017