The password “ji32k7au4a83” might look fairly secure thanks to its seemingly random jumble of letters and numbers. But surprisingly, that exact password has appeared in 141 data breaches, as cataloged by the site Have I Been Pwned and spotted by Gizmodo. It leads to the obvious question: how are so many people using this one password?
Robert Ou, a hardware and software engineer, first spotted this interesting chain of characters and challenged people to figure out why ji32k7au4a83 is so commonly used. Taiwanese internet users quickly decoded the answer. They noted that on a Taiwanese keyboard with the Zhuyin Fuhao layout, the string spells out 我的密碼, or “wǒ de mìmǎ,” which means “my password” in Mandarin. So much for a secure password.
You can see what’s happening in the photo above, which shows the Zhuyin Fuhao keyboard layout. Typing the letter J, then I, will add two of the symbols (ㄨ + ㄛ), pronounced u and o, displayed on the top right of the keys, to form wo. You then have to type out the tone of the character, hence the 3. Ji3 translates to “me” in English, and later, “my” after you add “2k7,” the next three characters in the password.
The most common way of typing Chinese characters in Taiwan is a system called Zhuyin Fuhao, which is taught to kids in elementary school to get them started on learning how to read and write Chinese. I remember learning these symbols in Chinese class all too well… I actually failed my first class and was left behind while the other kids graduated ahead of me because my memorization was so poor. (By now, though, I basically recognize the symbols by sight.) As a side note, mainland China uses a different system, so the people coming up with ji32k7au4a83 might mainly be from Taiwan.
While ji32k7au4a83 (“my password”) has come up in 141 data breaches, au4a83 (which means, you guessed it, “password”) has shown up 1,495 times. The lesson here is that even if you’re using a custom keyboard that generates strings of letters and numbers that can mystify many English speakers, using something that equates to “password” as your password is still a bad idea. Someone out there will know exactly what you’re trying to do.