Saturday, October 31, 2009
Wednesday, October 07, 2009
Really wonderful analysis. Loved the way people think & care about their passwords
On 5th October, The Register reported that more than 10,000 passwords were mysteriously leaked on pastebin.com. See this tweet
As a follow-up study, the "Acunetix Web Application Security Blog" analysed the kinds of passwords people use.
Some interesting findings are as follows:
Statistics:
- The list initially contained 10,028 entries.
- There are 8931 (90%) unique passwords in the list.
- The longest password was 30 chars long: lafaroleratropezoooooooooooooo.
- The shortest password was 1 char long : )
Top 20 most common passwords:
- 123456 - 64 times
- 123456789 - 18 times
- alejandra - 11 times
- 111111 - 10 times
- alberto - 9 times
- tequiero - 9 times
- alejandro - 9 times
- 12345678 - 9 times
- 1234567 - 8 times
- estrella - 7 times
- iloveyou - 7 times
- daniel - 7 times
- 000000 - 7 times
- roberto - 7 times
- 654321 - 6 times
- bonita - 6 times
- sebastian - 6 times
- beatriz - 6 times
- mariposa - 5 times
- america - 5 times
Password length distribution:
- 1 chars – 2 – 0 %
- 2 chars – 4 – 0 %
- 3 chars – 4 – 0 %
- 4 chars – 31 – 0 %
- 5 chars – 49 – 1 %
- 6 chars – 1946 – 22 %
- 7 chars – 1254 – 14 %
- 8 chars – 1838 – 21 %
- 9 chars – 1091 – 12 %
- 10 chars – 772 – 9 %
- 11 chars – 527 – 6 %
- 12 chars – 431 – 5 %
- 13 chars – 290 – 3 %
- 14 chars – 219 – 2 %
- 15 chars – 157 – 2 %
- 16 chars – 190 – 2 %
- 17 chars – 56 – 1 %
- 18 chars – 17 – 0 %
- 19 chars – 7 – 0 %
- 20 chars – 14 – 0 %
- 21 chars – 10 – 0 %
- 22 chars – 8 – 0 %
- 23 chars – 3 – 0 %
- 24 chars – 3 – 0 %
- 25 chars – 3 – 0 %
- 26 chars – 0 – 0 %
- 27 chars – 3 – 0 %
- 28 chars – 0 – 0 %
- 29 chars – 1 – 0 %
- 30 chars – 1 – 0 %
What kind of passwords were in the list?
- 3,713 = 42 %; lower alpha passwords: passwords containing only characters from 'a' to 'z'.
Example: iloveyou
- 291 = 3 %; mixed case alpha passwords: passwords containing characters from 'a' to 'z' and from 'A' to 'Z'.
Example: ILoveYou
- 1707 = 19 %; numeric passwords: passwords containing only numbers ('0' to '9').
Example: 123456
- 2655 = 30 %; mixed alpha and numeric passwords: passwords containing characters from 'a'-'z', 'A'-'Z' and '0'-'9'.
Example: Iloveyou12
- 565 = 6 %; mixed alpha + numeric + other characters.
Example: 1Love You$%@
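The same statistics can be computed over any password list, for example when checking a password policy against real usage. The Python script below is an added example, not the Acunetix analysis code; it computes the length and class tables over unique passwords, because both tables above sum to 8,931. Assumptions: upper-case-only passwords are counted as "mixed case alpha", and `SAMPLE` is a constructed list built from the example strings quoted in this post.

```python
import re
from collections import Counter

# Character classes in the order the post lists them; first full match wins.
# Assumption: upper-case-only passwords count as "mixed case alpha".
CLASSES = [
    ("lower alpha", re.compile(r"[a-z]+")),
    ("mixed case alpha", re.compile(r"[A-Za-z]+")),
    ("numeric", re.compile(r"[0-9]+")),
    ("mixed alpha and numeric", re.compile(r"[A-Za-z0-9]+")),
]
OTHER = "mixed alpha + numeric + other"


def classify(password):
    """Return the post's class label for one password."""
    for label, pattern in CLASSES:
        if pattern.fullmatch(password):
            return label
    return OTHER  # anything with spaces, punctuation, non-ASCII, or empty


def share(count, total):
    """Pair a count with its whole-number percentage of total."""
    return count, (round(100 * count / total) if total else 0)


def summarize(entries, top=20):
    """Entry/unique counts, most common entries, length and class tables."""
    unique = set(entries)
    lengths = Counter(len(p) for p in unique)
    classes = Counter(classify(p) for p in unique)
    return {
        "entries": len(entries),
        "unique": len(unique),
        "top": Counter(entries).most_common(top),
        "lengths": {n: share(c, len(unique)) for n, c in sorted(lengths.items())},
        "classes": {k: share(c, len(unique)) for k, c in classes.items()},
    }


# Constructed sample: strings quoted in the post, with made-up repeat counts.
SAMPLE = ["123456", "123456", "123456", "iloveyou", "iloveyou",
          "ILoveYou", "Iloveyou12", "1Love You$%@", "000000", ")"]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, top=3).items():
        print(key, value)
```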
tags: Security