b'WebwavesWebwavespassword at Hunt (2019b) can showequipment manuals and presentations whether that password appears in any offrom various workshops. Two photo the known data breaches. Annetts (2018)competitions have been run, we have presented lists of the most commonchanged publishers, and introduced passwords found in leaked data. Thea Data Policy. Less visible, but no less most popular password since 2013important, has been the SA/NT Branchs (123456) appears 23 174 662 times.annual wine offer, and minutiae such Another common entry, password,as events and news. While Ive been appears 3 645 804 times. The passwordprivileged to have been Webmaster suggested by that articles cartoonsince March 2015, it is important to note (XKCD 2019), correcthorsebatterystaple,that there has been a web committee, appears 114 times. A quick series ofand also web developers, without tests using LastPass random passwordwhom various tasks would not have Dave Annettsgenerator suggests Hunts (2019b) list isbeen accomplished nearly as quickly. ASEG Webmaster unlikely to contain randomly-generatedThe credit for the success of the ASEGs david.annetts@csiro.au passwords, at least up to 12 characters, sonew website also belongs to them, and this may be a useful tool for generatingI thank Ian James, Karen Gilgallon, Chris secure passwords. Unfortunately, theBishop and Paddy Rohr and his staff Password security very nature of such passwords is thatfor their support. Reiterating, the past they are invariably written down,four years have been interesting and or require installation of third-partyenjoyable, and I am confident that they Why does the password ji32k7au4a83software to save users rememberingwill pale in comparison to what will appear in a list (Hunt 2019a) ofthem (leading to automatic site login,happen next.commonly-used passwords? leading to poor security practice, leading Account security, through passwordto). Referenceselection and data encryption, has beenSo what to do? XKCDs suggestionAnnetts, D. 2018. Webwaves. Preview a common thread through the past(correctbatterystablehorse) is few Webwaves columns, and this oneattractive since it is easily remembered.2018: 423.is no exception. Readers may recall theA test of another password suggestionCERN. 2018. https://security.web.cern.discovery of the largest collection of(e.g. CERN 2018) adds weight. However,ch/security/recommendations/en/breached data in history (The Guardianwe must be careful. The passwordpasswords.shtml (accessed March 8, 2019). Comprising over 770 millionji32k7au4a83 appears on the list2019).email addresses in 87GB, Collection #1114 times, despite being long andGizmodo. 2019. https://www.gizmodo.was discovered by Hunt (2019a) andseemingly random. This passwordcom.au/2019/03/why-ji32k7au4a83-appears to comprise email addressesappears because it is a transliterationis-a-remarkably-common-password/ from different sources and different leaksvia Unicode of Mandarin to English.(accessed March 8, 2019).rather than a single data breach. However,The original Mandarin is mypasswordThe Guardian. 2019. https://bit.ly/2Hf3E7V given that the collection contains(Gizmodo 2019). (accessed March 8, 2019).1 160 253 228 unique combinations ofHunt, T. 2019a. Have I been pwned: password and email address, readersThis column is my final column as ASEGPwned passwords. https://may choose to check whether their emailWebmaster. After 20 columns sincehaveibeenpwned.com/Passwords addresses appear on this (or other lists)October 2015, it has been an interesting(accessed March 8, 2019.by checking the website Have I beenand enjoyable ride. HighlightsHunt, T. 2019b. Have I been pwned? pwned? (Hunt 2019b). include the redesign and launch ofhttps://haveibeenpwned.com/ the website in August 2016, and the(accessed March 8, 2019).Hunts site (2019b) has anotheraddition of videos and a considerableXKCD. 2019. https://xkcd.com/936/ particularly useful page. Entering aamount of content in the form of(accessed March 8, 2019).APRIL 2019 PREVIEW 38'