Your password sucks

Passwords are the worst and you’re probably terrible at them. #Sorrynotsorry

No really. Due to a toxic brew of poorly salted passwords, frequent security breaches, credential reuse, and boneheaded length / character rules (looking at you banks), web security sucks.

Combined with brute force and your email address, black hats can iterate over thousands of common passwords to break into your accounts. No bueno 💀

Of course, there’s two factor authentication (you’re using Authy right?) and password managers (LastPass, OnePass, Keypass - I don’t care which, just use one) — but passwords are always the weakest link.

Don’t despair though, there’s some good news in all this: with a database of the 10,000 most commonly used (and thus WORST) passwords, Stupid Passwords lets you test to see if your passwords are objectively awful:


const stupidPasswords = require(‘stupid-passwords’);

const x = stupidPasswords.isStupid(‘hello’); // true -> bad password // interestingly, ‘god’ isn’t on the list…

const y = stupidPasswords.isStupid(‘1am$up3rc00l’); // false -> not a -terrible- password, but could be better

const z = stupidPasswords.rateOfUsage(‘hello’) // {password: ‘hello’, frequency: 1644 } // i mean, come on


Much like forest fires, only you can prevent the crack-ening of your digital identity. Now go test your passwords and turn on two-factor!

2017 Neal Shyam