Analysing the behaviour of people in creating text passwords in recent years

Thumbnail Image

Files

379.pdf (341.97 KB)

Date

2014-07-04

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

University of Peradeniya , Sri Lanka

Abstract

This study has been carried out to figure out how the people are good at creating their passwords in recent years. The research was able to gather a list of 14,344,377 passwords which have been created by the global users for a popular website. The passwords in the list were imported to an access database and SQL was primarily used to derive the statistical information. The cracklib-check utility, in Ubuntu, was also used to determine each password’s strength and then the results were imported to the database for further analysis. It was clearly identified that 99.29% of the passwords have been composed only by either alphabets or digits. The remaining 0.72% uses mixed-characters. Moreover, the number of characters in 81% of the passwords is between 6 and 10 and another 16.97% is between 11 and 20 characters. Surprisingly, 15 passwords consist of more than 250 characters, each of which encompasses 222 characters and there are 477 passwords which consist of more than 250 characters. Above all, 96.92% of the passwords are unique and 71.73% are secured enough, although 20.78% are dictionary words. On the other hand, 7.49% of the passwords are considered as very weak passwords. Finally, the word “password” is used repeatedly 34 times. It was pinpointed that the users are quite interested to form unique passwords although it shows that 99.29% of the passwords were created only by using either alphabet or digits. Regardless, nearly 72% are strong password and also most users keep their passwords’ length between 6 and 10. It is shocked to realize that there are people who still use the word “password” as their password even though the first guess for a password to compromise online accounts by the attackers was the “password”. It was understood from the study that the people are better at creating unique and lengthy passwords although they failed to make their passwords with mixed-characters. Moreover, it is quite obvious that the people are keen to create secure passwords. Nevertheless, there are some people who are still using passwords which are considered as very common passwords in the universe. Eventually, it is conspicuous to understand that the people are strictly following some of the guidelines while they completely fail to obey other important guidelines in their mind when they go for a password.

Description

Keywords

Password security, User behaviour, Password strength, Password composition, Mixed-character usage, Cybersecurity

Citation

Proceedings Peradeniya University International Research Sessions (iPURSE) - 2014, University of Peradeniya, P 379

URI

https://ir.lib.pdn.ac.lk/handle/20.500.14444/6821

Collections

iPURSE 2014