Cyber SecurityInternet

Password pattern analysis: Risky, lazy passwords the norm

Dashlane announced the findings of an analysis of over 61 million passwords. The analysis was conducted with research provided by Dr. Gang Wang, an Assistant Professor in the Department of Computer Science at Virginia Tech.

Researchers examined the data for patterns, illuminating simple mistakes that continue to be made by people who use passwords in daily life, which is to say—virtually everyone. They found patterns across the keyboard, from not-so-randomly chosen letters and numbers to, popular brands and bands, and even passwords created out of apparent frustration.

“It is difficult for humans to memorize unique passwords for the 150+ accounts the average person has,“ said Dr. Wang. “Inevitably, people reuse or slightly modify them, which is a dangerous practice. This danger has been amplified by the massive data breaches which have given attackers more effective tools for guessing and hacking passwords.”

Pervasive Password Walking

Researchers discovered a high frequency of passwords containing combinations of letters, numbers, and symbols that are adjacent to one another on the keyboard. This practice, known as Password Walking, highlights the apathetic attitude most users have towards passwords, preferring convenience over security.

When users Password Walk, they are creating passwords that are far from secure. Most hackers are keenly aware of the human tendency to rely on convenience and can easily exploit these common passwords.

Most are familiar with versions of Password Walking, such as “qwerty” and “123456”, but researchers uncovered several other combinations that are frequently used:

  • 1q2w3e4r
  • 1qaz2wsx
  • 1qazxsw2
  • zaq12wsx
  • !qaz2wsx
  • 1qaz@wsx

These passwords are all comprised of keys on the left-hand side of standard keyboards. This means users can simply use the pinky or ring finger on their left hand to type their entire password. However convenient this may be, saving a few seconds is not worth the loss of one’s critical financial and/or personal data due to an account hack.

The prevalence of Password Walking is troubling and should make anyone using such passwords take another look at their password practices. Genuinely random and unique passwords are essential to password security; punching a bunch of adjacent characters will not cut it.

Love and hate: A tale of two passwords

Another recurring theme researchers uncovered is a reliance on passwords related to love, as well as aggressive and vulgar language. Passionate language in either direction was more popular than more tepid or moderate expressions. The ten most frequent love/hate-related passwords:

1. iloveyou
2. f*ckyou
3. a**hole
4. f*ckoff
5. iloveme
6. trustno1
7. beautiful
8. ihateyou
9. bullsh*t
10. lovelove

Most recurrent brands

Vices like Coca Cola and Skittles seep into all corners of life, even passwords. Some might argue that technology is a modern vice, with social networks and hardware also used frequently as passwords. The ten most frequent brand-related passwords:

1. myspace *experienced a major breach in 2016
2. mustang
3. linkedin *experienced a major breach in 2016
4. ferrari
5. playboy
6. mercedes
7. cocacola
8. snickers
9. corvette
10. skittles

Music and movies

Unsurprisingly, pop culture references were also prevalent. It would be wise to remember that using passwords that use names or common phrases is not a safe practice. The ten most frequent pop culture passwords:

1. superman
2. pokemon
3. slipknot
4. starwars
5. metallica
6. nirvana
7. blink182
8. spiderman
9. greenday
10. rockstar

Champions League passwords

Lastly, as the world prepares for the Champions League Final this weekend, fans of the beautiful game should refrain from showing love for their favorite club in their passwords. Dashlane found a plethora of sports-related terms in the dataset, but the following perennial Champions League football clubs showed up more than any other teams:

1. liverpool
2. chelsea
3. arsenal
4. barcelona
5. manchester

Leave a Reply

Your email address will not be published. Required fields are marked *