The worst password in history appeared 7 million times

Ata Hakçıl, a student majoring in computer engineering, has carried out one of the biggest password studies. Hakçıl analyzed usernames and passwords exposed online after attacks on various businesses over about half a decade.

This data is easy to find on the Internet, on websites like GitHub or GitLab, and is even distributed for free on hacking forums and file-sharing portals. Technology companies such as Google, Microsoft and Apple also collect it to set up warning systems for when users set weak or common passwords.

Hakçıl did the same, downloading for research more than 1 billion sets of exposed login credentials (usernames and passwords). The Turkish student found that only 168,919,919 unique passwords were used, of which “123456” was used more than 7 million times, a ratio of 1 in 142. Thus, “123456” can be considered the most common password of the past 5 years.

In addition, the average password length is 9.48 characters, which is neither good nor bad. Security experts recommend that users make their passwords as long as possible, usually between 16 and 24 characters. More serious is that only 12% of passwords contain special characters.

In almost every case, users choose a simple password made up entirely of letters (29%) or entirely of numbers (13%). That means about 42% of passwords in the data set are easily exposed to a “dictionary attack”.
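A defender can compute the same metrics the study reports (unique count, most common password, average length, and the letters-only, digits-only and special-character shares) over a password list they are auditing. The following is an added example, not the study's own code; the sample list and the function name `audit_passwords` are constructed for illustration, and "special character" is assumed to mean any non-alphanumeric character.

```python
from collections import Counter

# Constructed sample list for illustration (not data from the study).
SAMPLE = [
    "123456", "123456", "123456", "password", "qwerty",
    "iloveyou", "111111", "Summer2020!", "dragon", "P@ssw0rd",
]

def audit_passwords(passwords):
    """Compute the composition metrics the article reports for one list."""
    total = len(passwords)
    if total == 0:
        raise ValueError("empty password list")

    counts = Counter(passwords)
    top, top_count = counts.most_common(1)[0]

    # Assumption: "special" means any character that is not a letter or digit.
    letters_only = sum(1 for p in passwords if p.isalpha())
    digits_only = sum(1 for p in passwords if p.isdigit())
    special = sum(1 for p in passwords if any(not c.isalnum() for c in p))

    def pct(n):
        return round(100 * n / total, 2)

    return {
        "total": total,
        "unique": len(counts),
        "most_common": (top, top_count),
        "most_common_one_in": round(total / top_count, 2),
        "avg_length": round(sum(len(p) for p in passwords) / total, 2),
        "letters_only_pct": pct(letters_only),
        "digits_only_pct": pct(digits_only),
        "special_pct": pct(special),
        # Single-class passwords: the group the article flags as
        # easy targets for dictionary attacks.
        "single_class_pct": pct(letters_only + digits_only),
    }

if __name__ == "__main__":
    for key, value in audit_passwords(SAMPLE).items():
        print(f"{key}: {value}")
```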

