Login/Register
Most used password in different language [closed]
Asked Answered
Solved javascriptpasswordschange-password
L

2

8

I need to check the strength of password when user change his password. For that I'm using zxcvbn. The issue is that I have user who speak french and german and some very stupid password like "motdepasse" ("password" in french) is rated good by zxcvbn because this word is not in the common passwords list.

My question is : where can I find a list (10K+) of most used password in french and german to add them in the common passwords list of zxcvbn ?

Google did not help me...

Lambard answered 11/6, 2015 at 11:52 Comment(8)
woah there are such lists ?Footlight
Did you already have a look at: security.stackexchange.com/questions/1376/… ?Mucin
The kinds of places you would find these lists are not the kind of places you want to be going. You may find speculative lists based on polls and such but joining a community which has information like this will earn you a flag on many watch lists.Cocky
@Ludovic Yes I did look at the website given in answer but there is only english password.Lambard
A better question would be, "how do you know this French guy's password?" Are you storing passwords in plaintext on your server?Cockaigne
@OhAuth I know that's why I'm trying to find other way to get those lists... zxcvbn.js should have multiple dictionaries... not only english !Lambard
@Lambard I edited my answer, have a look at the first link you should find what you wantMucin
@AaditMShah No, I'm not. French is my first language and I know that there is a lot of stupid password like "motdepasse"... no need to analyze real password.. like you know that you will find "password" as a password on english website.Lambard
L
0

After multiple search and the discussion with Ludovic, I was not able to find such a list. My solution was to translate the password in the list (which can be translated, such as "password", "dragon", "letmein", etc...) in the language I wanted...

Lambard answered 12/6, 2015 at 7:33 Comment(1)
This is not correct. A common word in one language is not necessarily common when translated to another language.Chor
M
5

There is a lot of website that can give you some password dictionary. Have a look at:

Also have a look at theses posts on security.stackexchange:

Mucin answered 11/6, 2015 at 11:59 Comment(8)
Thanks. The first link is the only website in which I did find other languages, BUT it is dictionaries of words, not most used passwords. Which mean if I come back to my example, that "motdepasse" will not be found in the dictionary because it's made of 3 french words "mot de passe" without white space... Same for example with most used french name in password. For example in english password dictionnary there is "maggie" in the top 100 of most used password...Lambard
@Lambard I think that zxcvbn combine different words to find the password so it is not a problem. See: blogs.dropbox.com/tech/2012/04/…Mucin
You're right, you're even too right ! Adding a dictionary of all the word of a language in the "common_passwords.txt" will make that every password with a word of that language in it will be refused by zxcvbn... for example a password which is considered as good by zxcvbn : "correcthorsebatterystaple" will be considered very weak if we add the dictionary in the "common_passwords.txt" because "correct", "horse", "battery" and "staple" will be found in that file and the final note of the password will be very weak...Lambard
@Lambard yes, you now have all you want to check the strength of your users passwords :)Mucin
I think you misunderstood my last comment. My point is that I can NOT add the dictionary (french, german or english) in common_password.txt or I will break the logic of zxcvbn password strength verification.Lambard
@Lambard Ho i now see what you mean...Mucin
I can't think of another solution... I must find a list of common french/german passwords to be "compatible" with the zxcvbn logic...Lambard
Let us continue this discussion in chat.Lambard
L
0

After multiple search and the discussion with Ludovic, I was not able to find such a list. My solution was to translate the password in the list (which can be translated, such as "password", "dragon", "letmein", etc...) in the language I wanted...

Lambard answered 12/6, 2015 at 7:33 Comment(1)
This is not correct. A common word in one language is not necessarily common when translated to another language.Chor

© 2022 - 2024 — McMap. All rights reserved.