'Random' password 'ji32k7au4a83' used in 141 data breaches
In another language, it's not so random, or secure...
The password 'ji32k7au4a83' may look like a completely random set of numbers and letters, but that exact password has appeared in 141 data breaches.
The data breaches were catalogued by website Have I been Pwned, but the number due to the apparently random password was spotted by Gizmodo, which asked the obvious question: why were so many people using the same jumble of letters and numbers as a password?
Taking up this mystery, a hardware and software engineer from Berkeley called Robert Ou, challenged his Twitter followers to find the answer.
"Fun thing I learned today regarding secure passwords: the password 'ji32k7au4a83' looks like it'd be decently secure, right? But if you check e.g HIBP, it's been seen over a hundred times. Challenge: explain why and how this happened and how this password might be guessed," he tweeted.
The tweet proved quite popular as many took up the challenge and it wasn't long before an answer was found. Taiwanese internet users decoded the answer, noting that on a Taiwanese keyboard with the Zhuyin Fuhao layout, the random assortment of numbers and letters spells out , or "w de mm," which in Mandarin, translates to "my password".
Zhuyin Fuhao layout - courtesy of Apple
On a Zhuyin Fuhao layout, typing the letter J and I will add to two add two of the symbols ( + ), which are displayed in the top right of the keys, but pronounced as u and o. From there the tone of the character has to be typed out, hence the 3. Simply put, Ji3 translates to "me" in English, but it's switched to "my" after you add "2k7," the next three characters in the password.
There is a slightly different system used by mainland China, which suggests that people using "ji32k7au4a83" are mainly from Taiwan and while that password has shown up in 141 data breaches, "au4a83" (password) has shown up 1,495 times.
"Password" came second in SplashData's 2018 annual poll of the worst passwords, with "123456" coming out on top. Despite living in a world of biometric security, the traditional password hasn't been completely ditched and worse, terribly simple ones are still widely used no matter the language.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download