Study Analyzes Patterns in Passwords

December 11, 2016

A study of leaked emails and passwords showed too many still take the easy route when choosing passwords.

A CBT Nuggets report analyzed the leaked accounts for root words and easy-to-guess elements. Among other information, the analysis revealed the top 30 most leaked passwords, the total number of passwords leaked by name, age bracket, gender, and even state of residence. The percentage of people who use their own names in their passwords is 42.1 percent.

Among the 50,000 accounts, of the 30 most common passwords the top 10 were love, star, girl, rock, miss, hell, Mike, John, and baby. Hackers, who have access to more than just one study of leaked info, start by running the most common passwords — if they don’t have to work hard, they won’t complain. CBT Nugget recommends avoiding the most popular passwords and use made up word and letter, number, and special character combinations.

According to the report, people with certain first names are most likely to have their passwords leaked, whether they use their names in their passwords or not. For gender-indicative names (certainly not gender-specific), Mike, Chris, John, Dave or Matt are the top five for males and Jen, Jessica, Sarah, Amanda, and Michelle take the lead for women. Overall, males accounted for 53 percent of the leaked passwords and females 47 percent.

Account holder age mattered, too, with millennials in the lead. Of the leaked accounts, 65 percent were 25-34 years old, followed by 16 percent aged 35-44, and 13.6 percent 21-24. All other age groupings were 2.5 percent or lower.

Within U.S. states, 4.67 leaked passwords per 100,000 residents was the average. Hawaii had the highest average at 38.71 passwords, followed by California with 18.18, and Nevada with 12.42.

Some people use their own name in your password, and among the top 25 leading offenders, people named Amy used their name either as or part of their password 60 percent of the time, followed by Lisa (59 percent), Scott (56 percent), Mark (54 percent), and Laura (53 percent).

Yahoo emails accounted for about 48 percent of the leaked accounts, followed by Hotmail and Gmail at 17 percent, and AOL at 7 percent. All others accounted for 10 percent. Even though AOL accounts were the least leaked, the study showed that service had the highest incidence (46 percent) of people using part of their name or username in their passwords.

https://blog.cbtnuggets.com/2016/12/leaky-logins-50000-passwords-exposed/

How can you advance your career in the security industry with the skills and competencies necessary to benefit your organization? What will the security executive and the security function of the future look like? Join us as we hear from veterans in the security industry about their experiences, their lessons learned, and best practices for advancing their careers.