New generation of Password Mass-Analysis (Password reuse study)


Recommended Posts

New generation of Password Mass-Analysis 

  Quote

 

Curious about a statistic?

 

Please create an issue and explain what you want to learn, and if its interesting i'll query the thing and add the result!

Cool Stats

 

From 1.000.000.000+ lines of dumps, 257.669.588 were filtered as either corrupt data(gibberish in improper format) or test accounts.

1 Billion credentials boil down to 168.919.919 passwords, and 393.386.953 usernames.

 

Most common password is 123456. It covers roughly 0.722% of all the passwords. (Around 7 million times per billion)

Most common 1000 passwords cover 6.607% of all the passwords.

 

With most common 1 million passwords, hit-rate is at 36.28%, and with most common 10 million passwords hit rate is at 54.00%.

 

Average password length is 9.4822 characters.

12.04% of passwords contain special characters.

28.79% of passwords are letters only.

26.16% of passwords are lowercase only.

13.37% of passwords are numbers only.

34.41% of all passwords end with digits, but only 4.522% of all passwords start with digits.

 

Unique Passwords

 

8.83% of the passwords are unique - they were only found once.

Their average length was 9.7965 characters.

Surprisingly, just a fraction of these passwords are meaningless.

Only 7.082% of these passwords contain special characters - Rest matches ^[a-zA-Z0-9]$

20.02% of these passwords are letters only, and 15.02% is only lowercase.

Average length for lowercase-unique passwords were 9.3694 characters.

 

Expand  
 
 
 
 

 

https://github.com/FlameOfIgnis/Pwdb-Public

 

I thought this was really interesting.  Just goes to show, how horrible people are with passwords.

 

If you can see that if the average password length is 9.7965 characters, hackers are not going to waste their time trying to brute force a password any longer than that, as this will get them into MOST passwords. While brute forcing, they can say, let's try all password combinations up to X number of characters, in this case 9-10.

 

If a hacker tried to brute force a password with a list of the top 10 Million passwords his success rate of guessing the correct password would be 54% or better than 50/50. That's Crazy!

  On 21/07/2020 at 17:24, cork1958 said:

 Would really have to be a moron to do that, IMO.

Expand  

would you really though? You just don't' have to give a crap about security and password or have much respect for either. It's why I've seen have the absolute worst passwords for their ISP email, such passwords as "Internet". It's also embarrassing for an ISP to allow them to use such a terrible password.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • CapCut 6.5.0 (offline installer) by Razvan Serea CapCut is a versatile video editing app that offers a range of features such as multi-layer editing, keyframe animations, special effects, and more, to create professional-quality videos. With CapCut, users can edit and enhance their videos with a variety of tools such as filters, transitions, effects, and text overlays. CapCut's extensive library of pre-designed templates and visual effects also allows users to create unique and eye-catching videos in just a few clicks. Users can also adjust video speed, crop, and merge multiple clips, among other features. CapCut is available for both mobile devices and Windows, making it accessible for everyone. CapCut key features: User-friendly interface for easy video editing A wide range of editing tools, including trim, split, cut, and merge Music library with a wide range of tracks to choose from Customizable text and fonts to add captions and titles Multi-layer timeline for seamless editing and layering Filters and effects to enhance video quality and style A variety of transitions to choose from Multiple aspect ratio options for different platforms Green screen/chroma key for adding custom backgrounds Overlays and stickers to add to your videos Easy exporting to different video formats and resolutions Large library of pre-designed templates and visual effects Customizable video thumbnails for branding Keyframe animation to add movement to your video Speed adjustment for slow motion or time-lapse effects Customizable transitions between clips Reverse video playback for creative effects Voiceover recording and editing for narrating your video Color grading tools and much more... Download: CapCut 6.5.0 | 701.0 MB (Freeware) Links: CapCut Website | CapCut Screenshot | CapCut Online Editor Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Total Commander 11.55 by Razvan Serea Total Commander is a great two-pane file manager replacement for Windows, a program like Windows Explorer to copy, move, or delete files. It includes extra integrated applications like a built-in FTP client with FXP, a renaming tool, a disk space analyzer, a file synchronizer, can pack and unpack files, compare files by content, a quick view panel with bitmap display, HTTP proxy support and more. Total Commander 11 is compatible with Windows 95/98/ME/NT/2000/XP/Vista/7/8/8.1/10/11. Total Commander is distributed as shareware with a trial period of 30 days, but will continue to function, with a subscription reminder, after that. Total Commander features include: Two file windows side by side Multiple language and Unicode support Enhanced search function Compare files (now with editor) / synchronize directories Quick View panel with bitmap display ZIP, ARJ, LZH, RAR, UC2, TAR, GZ, CAB, ACE archive handling + plugins Built-in FTP client with FXP (server to server) and HTTP proxy support Parallel port link, multi-rename tool Tabbed interface, regular expressions, history+favorites buttons Thumbnails view, custom columns, enhanced search Compare editor, cursor in lister, separate trees, logging, enhanced overwrite dialog etc. Unicode names almost everywhere, long names (>259 characters), password manager for ftp and plugins, synchronize empty dirs, 64 bit context menu, quick file filter (Ctrl+S) USB port connection via special direct transfer cable, partial branch view (Ctrl+Shift+B), and many improvements to ftp, synchronizing and other functions And many more! Total Commander 11.55 release notes: This version mainly fixes bugs. Complete list of changes. New functions in Total Commander 11.55: Copying When "Copy to all selected folders/links..." is enabled, the "Keep relative paths" option is also respected Supports copying directories anywhere in subdirectories. For example, if "Only files of this type:" is set to "test\", the "test" folder will be found anywhere in the selected folders An overlay icon is displayed in the system tray when an overwrite confirmation dialog is open while Total Commander is not in the foreground When copying sparse files, only the parts containing non-zero data are copied. This option needs to be enabled via wincmd.ini [Configuration] CopySparseFiles=1 General Multi-rename tool: New placeholder [v] for inserting milliseconds, e.g. [hms].[v] Create/Verify Checksums: Use multiple threads for Blake3 checksums (64-bit only, on Windows 7 and newer) Use tc7z.dll as a fallback for unrar.dll if unrar.dll fails to load Rename directories in 7z archives when using the internal 7z packer New parameter for the internal MULTIRENAME command opens the tool and offers the user to undo the last operation Use external DLL tcsha64.dll to create/verify SHA3 checksums faster Download: Total Commander 11.55 | 10.6 MB (Shareware) View: Total Commander Website | Android | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • It should be the default browser behavior (apart from sending recorded audio to an external device)
    • "So if you are interested in this extension, for God's sake, do not try it in an office. Your coworkers will probably think you have finally lost it and are performing some bizarre humiliation ritual at your desk." If you install the plugin and start screaming at your system...you left being lost in the rear view.
    • Mullvad Browser 14.5.4 by Razvan Serea The Mullvad Browser is a privacy-focused web browser developed in a collaboration between Mullvad VPN and the Tor Project. It’s designed to minimize tracking and fingerprinting. You could say it’s a Tor Browser to use without the Tor Network. Instead, you can use it with a trustworthy VPN. The idea is to provide one more alternative – beside the Tor Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance. The Mullvad browser is free of charge, open source, and can be used without Mullvad VPN (although the combination is recommended). It is supported across platforms (Windows, MacOS, Linux). Privacy quality of the Tor Browser. To use with a VPN - Using a VPN is not enough to achieve perfect privacy online. There’s simply too much data being extracted through most browsers. The Mullvad Browser is a web browser with the privacy quality of the Tor Browser, to be used with a trustworthy VPN. Strong anti-fingerprinting from the Tor Project - The Tor Project has a proven track record of building a privacy-focused browser. The Mullvad Browser has the same fingerprinting protection as the Tor Browser – it just connects to the internet with (or without) a VPN instead of the Tor Network. No telemetry - Telemetry refers to unique data collected by the browser to enhance its performance. Mullvad does not support the collection of user data. Therefore, with the Mullvad Browser, all telemetry has been removed. Privacy first - Mullvad VPN has a proven record of putting privacy first. With no strange business models or short-term venture capitalist owners. The Tor Project is a non-profit organization fighting for human rights. Mullvad Browser 14.5.4 changelog: All Platforms Updated Firefox to 128.12.0esr Updated NoScript to 13.0.8 Bug 450: Rebase Mullvad Browser stable onto 128.12.0esr [mullvad-browser] Bug 43782: Add new UX flow for changing security level (Desktop) [tor-browser] Bug 43783: Tighten up the SecurityLevel module to enforce new UX flow [tor-browser] Bug 43784: Get confirmation from NoScript that settings are applied [tor-browser] Bug 43911: Backport security fixes from Firefox 140 [tor-browser] Build System / All Platforms Bug 41477: Update keyring/boklm.gpg for new subkeys (2025) [tor-browser-build] Bug 41498: Update keyring/morgan.gpg with updated public key [tor-browser-build] Download: Mullvad Browser 14.5 | 90.6 MB (Open Source) View: Mullvad Browser Homepage | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • First Post
      solidox earned a badge
      First Post
    • First Post
      BA the Curmudgeon earned a badge
      First Post
    • One Year In
      blissa jayden earned a badge
      One Year In
    • One Month Later
      blissa jayden earned a badge
      One Month Later
    • Week One Done
      blissa jayden earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      562
    2. 2
      ATLien_0
      213
    3. 3
      +FloatingFatMan
      171
    4. 4
      Michael Scrip
      153
    5. 5
      Som
      151
  • Tell a friend

    Love Neowin? Tell a friend!