After analyzing more than 1 billion compromised password credentials around the world, a new study has found a classic “123456” for every 142 passwords. The study was conducted last month by Computer Engineering student Ata Hak?l, who analyzed the username and password combinations that appear on the network after information leaks from several companies.
Photo by Flickr
These “data dumps” are easily available from sites like GitHub, GitLab, or can be freely disseminated through hacking forums or file-sharing portals. Technology companies have been collecting data dumps for years. Google, Microsoft and Apple, for example, have collected leaked credentials to create an internal alert system that warns users when they take advantage of a “weak” or “normal” password.
A Turkish student from a university in Cyprus, Hak?l, analyzed more than 1 billion leaked user credentials. 1689199919 different passwords were found, but more than 7 million accounts used the very simple password “123456”.
According to his sample, that is, 1 in 142 leaked credentials uses the weak password “123456”. And this password has been the worst for five years in a row.
In addition, The average length of a password is typically 9.48 characters. Most security experts recommend using as long a password as possible, usually between 16 and 24 characters, or more. But password length is not the only problem that Hak?l has found. Password complexity is also a problem, with only 12% of passwords containing special characters, the Turkish researcher said.
Here’s a simple summary
From the 1000000000 plus line dump, 257669588 lines are filtered to corrupted data (inappropriately formatted) or tested accounts.
1689199919 passwords and 393386953 usernames were found in 1 billion credentials.
The most common password is 123456, which covers 0.722% of all passwords (approximately 7 million times per 100 million)
The 1000 most common passwords cover 6.607% of all passwords
The most common 1 million password coverage is 36.28%. The most common 10 million password coverage is 54%.
The average password length is 9.4822 characters.
12.04% of passwords contain special characters.
28.79% of passwords are only letters.
26.16% of passwords are only in lowercase letters.
13.37% of passwords are only digital.
34.41% of passwords end with numbers, but only 4.522% of passwords start with numbers.