You probably aren’t familiar with the name Ata Hakcil. He’s a computer engineering student who recently conducted one of the largest password security surveys currently available.
To conduct his research, he collected several username and password “data dumps” from the Dark Web and analyzed the passwords he found there. Hakcil was able to analyze a massive collection of more than a billion passwords, looking for trends and commonalities.
IT Security Professionals have long known that password security is an area of persistent weakness that leaves companies of all shapes and sizes exposed. Hakcil was able to measure and assess just how bad that problem is. What he found was depressing.
The most commonly used password in the collection he analyzed was simply ‘123456,’ which appeared in his dataset more than seven million times. It is the most widely used password in the world. Put another way, a staggering 1 person in 142 was found to have used that simple password. As you might suspect, that is laughably easy for a hacker to guess using the simplest of techniques.
In addition to that, Hakcil discovered that the average password length is 9.48 characters, which isn’t great. Given the password referenced above, is better than you might have guessed.
Other relevant and intriguing statistics culled from this study include things like:
- Only 12 percent of passwords include a special character
- 29 percent of the passwords reviewed used alphabet characters only
- 13 percent used numbers only
- Given the above, fully 42 percent of all the passwords in the dataset were vulnerable to quick “dictionary style” attacks that would allow a hacker to gain access with minimal effort.
- The most common 1000 passwords unearthed by this research accounted for 6.607 percent of the total, which gives hackers a long list of low hanging fruit to work with.
- With the most common 1 million passwords, the hit rate is 36.28 percent. With the most common 10 million passwords, the hit rate is 54 percent. This makes most networks incredibly easy to breach.
If you’re wondering why we keep reading about so many high profile data breaches month after month, the results of this research go a long way toward explaining it, and that’s unfortunate.