A Turkish student studying at a university in Cyprus decided to download and analyze more than one billion leaked logon credentials. Ata Hakçıl, aka FlameOfIgnis, posted his findings on GitHub.
The biggest takeaway is that 123456 was the most common password, covering an estimated 0.722% of all the passwords, or 7 million passwords out of one billion.
From Ata Hakçıl's article:
Cool Stats
- From 1.000.000.000+ lines of dumps, 257.669.588 were filtered as either corrupt data (gibberish in improper format) or test accounts.
- 1 Billion credentials boil down to 168.919.919 passwords, and 393.386.953 usernames.
- Most common password is 123456. It covers roughly 0.722% of all the passwords. (Around 7 million times per billion)
- Most common 1000 passwords cover 6.607% of all the passwords.
- With most common 1 million passwords, hit-rate is at 36.28%, and with most common 10 million passwords hit rate is at 54.00%.
- Average password length is 9.4822 characters.
- 12.04% of passwords contain special characters.
- 28.79% of passwords are letters only.
- 26.16% of passwords are lowercase only.
- 13.37% of passwords are numbers only.
- 34.41% of all passwords end with digits, but only 4.522% of all passwords start with digits.
Unique Passwords
- 8.83% of the passwords are unique – they were only found once.
  - Their average length was 9.7965 characters.
- Surprisingly, just a fraction of these passwords are meaningless.
- Only 7.082% of these passwords contain special characters – Rest matches ^[a-zA-Z0-9]$
- 20.02% of these passwords are letters only, and 15.02% is only lowercase.
  - Average length for lowercase-unique passwords was 9.3694 characters.
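As an added example (not code from Ata Hakçıl's repository), the Python below computes the same kinds of figures over a small constructed password list, the way a defender might audit a credential set or measure how much of it a blocklist of common passwords would cover. The function name password_stats, the sample list, and the choice to measure "found once" against distinct passwords are assumptions.

```python
import re
from collections import Counter

# Constructed sample corpus (not real leaked data); one password per entry.
SAMPLE = [
    "123456", "123456", "123456", "password", "password",
    "qwerty", "letmein1", "Summer2020", "dragon", "111111",
    "P@ssw0rd!", "iloveyou", "abc123", "7heaven", "correct-horse",
]

def pct(n, total):
    """Percentage of total, rounded to two decimals."""
    return round(100.0 * n / total, 2)

def password_stats(passwords, top_n=2):
    """Aggregate statistics over a password list (hypothetical helper)."""
    total = len(passwords)
    counts = Counter(passwords)
    top = counts.most_common(top_n)            # candidate blocklist entries
    found_once = sum(1 for c in counts.values() if c == 1)

    def matching(pattern):
        # Count passwords that match the pattern over their whole length.
        return sum(1 for p in passwords if re.fullmatch(pattern, p))

    return {
        "total": total,
        "distinct": len(counts),
        "most_common": top[0][0],
        # Share of all entries a blocklist of the top_n passwords would hit.
        "top_n_coverage_pct": pct(sum(c for _, c in top), total),
        # Assumption: measured against distinct passwords, not all entries.
        "found_once_pct": pct(found_once, len(counts)),
        "avg_length": round(sum(map(len, passwords)) / total, 4),
        # "Special" means anything outside letters and digits.
        "special_chars_pct": pct(total - matching(r"[a-zA-Z0-9]*"), total),
        "letters_only_pct": pct(matching(r"[a-zA-Z]+"), total),
        "lowercase_only_pct": pct(matching(r"[a-z]+"), total),
        "digits_only_pct": pct(matching(r"[0-9]+"), total),
        "ends_with_digit_pct": pct(matching(r".*[0-9]"), total),
        "starts_with_digit_pct": pct(matching(r"[0-9].*"), total),
    }

if __name__ == "__main__":
    for name, value in password_stats(SAMPLE).items():
        print(f"{name}: {value}")
```
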
Bottom Line
Based on Ata Hakçıl’s research, if you want a secure password, start the password with a number and include special characters.