{"id":107298,"date":"2022-10-18T07:00:00","date_gmt":"2022-10-18T14:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=107298"},"modified":"2022-10-17T19:43:53","modified_gmt":"2022-10-18T02:43:53","slug":"20221018-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20221018-00\/?p=107298","title":{"rendered":"Why is there a passwords.txt<\/CODE> file on my system that’s filled with somebody else’s passwords?"},"content":{"rendered":"

A customer was doing an inventory of the files on their system, and they found files named passwords.txt<\/code> that were filled with somebody else’s passwords. The same file was found among both Microsoft Teams and Microsoft Outlook’s data files. What’s going on here? Are Teams and Outlook stealing passwords?<\/p>\n

The clue is that the passwords.txt<\/code> file is in a subdirectory called ZxcvbnData<\/code>. zxcvbn is the name of a password strength estimator library developed by Dropbox<\/a>. The library is available on GitHub<\/a>, and the passwords.txt<\/code> file of the top 30,000 passwords is one of the things that zxcvbn uses to assess the strength of a proposed password. The other files in the same directory provide popular English names as well as names of popular United States television shows and movies.<\/p>\n

But that’s not the only thing that zxcvbn considers when assessing a password’s strength. You can read their blog entry<\/a> or watch their technical presentation<\/a>.<\/p>\n

So don’t panic about the passwords.txt<\/code> file. It’s there to protect you from bad passwords.<\/p>\n

Bonus chatter<\/b>: Sometimes, organizations are concerned because the passwords.txt<\/code> file contains unsavory words. It so happens that unsavory words are popular as passwords.<\/p>\n","protected":false},"excerpt":{"rendered":"

It’s part of an open-source password strength package.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[104],"class_list":["post-107298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-tipssupport"],"acf":[],"blog_post_summary":"

It’s part of an open-source password strength package.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/107298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=107298"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/107298\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=107298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=107298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=107298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}