A Turkish student studying at a university in Cyprus decided to download and analyze more than one billion leaked logon credentials. Ata Hakçıl, aka FlameOfIgnis, posted his findings on GitHub.
The biggest takeaway is that 123456 was the most common password and covers an estimated 0.722% of all the passwords, or 7 million passwords out of one billion.
From Ata Hakçıl's article:
Cool Stats
- From 1.000.000.000+ lines of dumps, 257.669.588 were filtered as either corrupt data (gibberish in improper format) or test accounts.
- 1 Billion credentials boil down to 168.919.919 passwords, and 393.386.953 usernames.
- Most common password is 123456. It covers roughly 0.722% of all the passwords. (Around 7 million times per billion)
- Most common 1000 passwords cover 6.607% of all the passwords.
- With most common 1 million passwords, hit-rate is at 36.28%, and with most common 10 million passwords hit rate is at 54.00%.
- Average password length is 9.4822 characters.
- 12.04% of passwords contain special characters.
- 28.79% of passwords are letters only.
- 26.16% of passwords are lowercase only.
- 13.37% of passwords are numbers only.
- 34.41% of all passwords end with digits, but only 4.522% of all passwords start with digits.
Unique Passwords
- 8.83% of the passwords are unique – they were only found once.
  - Their average length was 9.7965 characters.
- Surprisingly, just a fraction of these passwords are meaningless.
- Only 7.082% of these passwords contain special characters – Rest matches ^[a-zA-Z0-9]$
- 20.02% of these passwords are letters only, and 15.02% is only lowercase.
  - Average length for lowercase-unique passwords was 9.3694 characters.
Bottom Line
Based on Ata Hakçıl’s research, if you want a secure password, start the password with a number and include special characters.
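To measure the same kinds of figures on your own data during a password audit, here is an added Python example (not code from Ata Hakçıl's repository). The sample list is constructed, the function names are hypothetical, and the "unique" share is assumed to be measured against all entries.

```python
import re
from collections import Counter

# Constructed sample: one entry per credential line, duplicates kept.
SAMPLE = [
    "123456", "123456", "123456", "password", "password", "qwerty",
    "letmein1", "Summer2020", "7eleven", "p@ssw0rd!", "dragon", "iloveyou99",
]

# One predicate per composition statistic listed under "Cool Stats".
CHECKS = {
    "special_chars": re.compile(r"[^a-zA-Z0-9]").search,
    "letters_only": re.compile(r"[a-zA-Z]+").fullmatch,
    "lowercase_only": re.compile(r"[a-z]+").fullmatch,
    "numbers_only": re.compile(r"[0-9]+").fullmatch,
    "ends_with_digit": re.compile(r"[0-9]\Z").search,
    "starts_with_digit": re.compile(r"[0-9]").match,
}

def pct(part, whole):
    """Percentage rounded to two decimals; 0.0 for an empty corpus."""
    return round(100.0 * part / whole, 2) if whole else 0.0

def composition_stats(passwords):
    """Share of entries in each character class, plus average length."""
    n = len(passwords)
    stats = {name: pct(sum(1 for p in passwords if check(p)), n)
             for name, check in CHECKS.items()}
    stats["avg_length"] = round(sum(map(len, passwords)) / n, 4) if n else 0.0
    return stats

def top_n_coverage(passwords, n):
    """Percent of all entries covered by the n most common passwords,
    i.e. how much of the corpus a blocklist of that size would reject."""
    counts = Counter(passwords)
    return pct(sum(c for _, c in counts.most_common(n)), len(passwords))

def unique_share(passwords):
    """Percent of entries whose password occurs exactly once.
    Assumption: measured against all entries, not distinct passwords."""
    counts = Counter(passwords)
    return pct(sum(1 for c in counts.values() if c == 1), len(passwords))

if __name__ == "__main__":
    for name, value in composition_stats(SAMPLE).items():
        print(f"{name}: {value}")
    print("top-1 coverage:", top_n_coverage(SAMPLE, 1))
    print("unique share:", unique_share(SAMPLE))
```

The top-N coverage figure is the one to watch when sizing a common-password blocklist: it shows what fraction of chosen passwords a list of that length would have rejected.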
 
																			