New generation of Password Mass-Analysis (Password reuse study)


Recommended Posts

New generation of Password Mass-Analysis 

  Quote

 

Curious about a statistic?

 

Please create an issue and explain what you want to learn, and if its interesting i'll query the thing and add the result!

Cool Stats

 

From 1.000.000.000+ lines of dumps, 257.669.588 were filtered as either corrupt data(gibberish in improper format) or test accounts.

1 Billion credentials boil down to 168.919.919 passwords, and 393.386.953 usernames.

 

Most common password is 123456. It covers roughly 0.722% of all the passwords. (Around 7 million times per billion)

Most common 1000 passwords cover 6.607% of all the passwords.

 

With most common 1 million passwords, hit-rate is at 36.28%, and with most common 10 million passwords hit rate is at 54.00%.

 

Average password length is 9.4822 characters.

12.04% of passwords contain special characters.

28.79% of passwords are letters only.

26.16% of passwords are lowercase only.

13.37% of passwords are numbers only.

34.41% of all passwords end with digits, but only 4.522% of all passwords start with digits.

 

Unique Passwords

 

8.83% of the passwords are unique - they were only found once.

Their average length was 9.7965 characters.

Surprisingly, just a fraction of these passwords are meaningless.

Only 7.082% of these passwords contain special characters - Rest matches ^[a-zA-Z0-9]$

20.02% of these passwords are letters only, and 15.02% is only lowercase.

Average length for lowercase-unique passwords were 9.3694 characters.

 

Expand  
 
 
 
 

 

https://github.com/FlameOfIgnis/Pwdb-Public

 

I thought this was really interesting.  Just goes to show, how horrible people are with passwords.

 

If you can see that if the average password length is 9.7965 characters, hackers are not going to waste their time trying to brute force a password any longer than that, as this will get them into MOST passwords. While brute forcing, they can say, let's try all password combinations up to X number of characters, in this case 9-10.

 

If a hacker tried to brute force a password with a list of the top 10 Million passwords his success rate of guessing the correct password would be 54% or better than 50/50. That's Crazy!

  On 21/07/2020 at 17:24, cork1958 said:

 Would really have to be a moron to do that, IMO.

Expand  

would you really though? You just don't' have to give a crap about security and password or have much respect for either. It's why I've seen have the absolute worst passwords for their ISP email, such passwords as "Internet". It's also embarrassing for an ISP to allow them to use such a terrible password.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Why are you completely changing the visual identity of all software here for something else at a whim??? Wtf???
    • My Pixel 7 got the update this morning and it's been freezing constantly. I tracked the issue to Nova Launcher. Once I removed the app, everything is working just fine. There hasn't been an update to Nova in a long time so maybe this is just writing on the wall to move on.
    • Google begins rollout of Android 16 with several new features by Pradeep Viswanathan Today, Google announced the rollout of Android 16, the latest major update to the Android operating system. Android 16 is now being released to all supported Google Pixel smartphones, with availability expanding to other OEM Android devices later this year. Unlike the recently announced iOS 26, which features a revamped Liquid Glass design, Android 16 introduces Google’s new Material 3 Expressive design. Google says that more Material 3 Expressive design elements will be added to Android 16 devices later this year. Android 16 also brings a number of useful features aimed at improving everyday experiences. Read about them below. Similar to iOS Live Activities, Android 16 introduces live updates that display real-time information from ride-share and food delivery apps directly on the lock screen. This feature will also be supported by Samsung’s Now Bar, as well as OPPO and OnePlus’ Live Alerts. Android 16 will automatically group notifications from the same app. For example, 20 separate messages from different WhatsApp contacts will appear as a single notification entry. The update includes improvements for users with hearing aids. Users can now switch to using their phone’s microphone for clearer calls in noisy environments. Additionally, a new native control for hearing devices will provide easier access within Android 16. With Android 16, the Advanced Protection feature can be activated with a single tap, offering enhanced security against sophisticated attacks. Google collaborated closely with Samsung to bring desktop windowing to Android 16. A DeX-like experience will soon be available across the Android ecosystem, allowing users to move and resize multiple app windows on a single screen. This feature will roll out later this year on compatible devices, and developers can begin testing it today. Later this year, Google will introduce support for custom keyboard shortcuts, enabling users to create their own combinations of hotkeys. Android 16 also includes smaller enhancements such as HDR screenshots, adaptive refresh rate, improved identity verification, and more. Today, Google also announced several exclusive features for Pixel devices with a snazzy video (above); you can read about all those features here.
    • Sorry for having to do sponsored deals in order to keep the lights on. Our Stackcommerce partner determines the deals we publish (I do not choose them myself) but I suppose what people don't see or worry about doesn't affect them. If a tiny percentage of these articles (1 Neowin Deal a day) affects you this much, then I am sorry. We're not the only news site to have to do this btw others have to as well
  • Recent Achievements

    • Reacting Well
      rshit earned a badge
      Reacting Well
    • Reacting Well
      Alan- earned a badge
      Reacting Well
    • Week One Done
      IAMFLUXX earned a badge
      Week One Done
    • One Month Later
      Æhund earned a badge
      One Month Later
    • One Month Later
      CoolRaoul earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      532
    2. 2
      ATLien_0
      267
    3. 3
      +FloatingFatMan
      205
    4. 4
      +Edouard
      204
    5. 5
      snowy owl
      140
  • Tell a friend

    Love Neowin? Tell a friend!