Below are some links to sites which show statistics on password 
frequency, some based on hacked password systems.

A summary on passwords - from where I do not remember -
We have succeeded in enforcing passwords which are difficult for us 
humans to use/remember, and easy for computers (hackers) to break.

https://qz.com/772977/millions-of-stolen-last-fm-passwords-have-been-decrypted-these-are-the-top-50/
http://www.jbonneau.com/doc/B12-IEEESP-analyzing_70M_anonymized_passwords.pdf  
(note : pdf)
http://www.microsoft.com/en-us/research/publication/a-large-scale-study-of-web-password-habits/

a place for discussion of passwords and related topics : 
http://reddit.com/r/passwords
(an interesting link from there)
https://www.servethehome.com/password-cracking-with-8x-nvidia-gtx-1080-ti-gpus/

Summary: using about $15,000 in computer/GPUs they were getting up to 
441 BILLION hashes a second (MD4)
They were also using a bit over 3 kW of power to do so.... (article says 
about $1/hour in electricity)
ignoring a lot of stuff... at that hash rate:
a 5 character password, which allows 128 characters (basic ASCII) 
COMPLETELY BY BRUTE FORCE falls in just over 9 hours.  That is 128^5 
(34,359,738,368).


One analysis I read  - I can't find it again -
not only looked at common passwords, but at common passwords of varying 
length. 
i.e. the most common 8 character, 6 character, 10 character etc. 
passwords.
The commonest 25 or 30% of passwords fell into the stupid category
1111..., 22222... etc


They also looked at common 4 and 6 digit PINs.
Besides the obvious 1234, 1111 etc., they also looked at entry patterns, 
so passwords that were common, but did not on the surface make sense 
such as 1397, 7931, 7139 etc, when examined in light of the standard 
key pad did make sense as these are all variations on the 'outer 
corners' of the keypad. Other patterns of entry were also discovered, 
diagonals (951x), down the middle (8520), etc.  As I recall, between 
stupid simple PINs 1111, 2222 etc, and basic keypad patterns something 
like 65% of PINs were covered.



My take on passwords:
- they keep honest people honest.
- passwords for sites which are 1 time use, and do not have access to $ 
(credit cards, etc.): who cares what the password is? Use an easy to 
remember 'junk' password.
- Sites/apps which have access to $ - use a 'good' password (random so 
that social engineering doesn't help, or phrases), stored in a password 
manager  (I use a custom one I wrote in 4D of course).
- Sites which ask 'security questions' - use the same random string 
generator for the answers and store them too.
- given sufficient incentive, time, and $ any password can be cracked, 
or the site/app hacked to either expose or by-pass a password.
- Bio-metrics -- **BAD** idea, maybe I watch/read too much Science 
fiction, but... the loss of a body part to an interested party.. I'll 
pass thank you.



On Mon, 26 Jun 2017 16:32:35 -0600, Cannon Smith via 4D_Tech wrote:
> I can’t agree more with what David has said about passwords. Here is 
> another article about it including a comic that I like:
> 
> <https://blog.agilebits.com/2011/08/10/better-master-passwords-the-geek-edition/>
> 
> --
> Cannon.Smith
> Synergy Farm Solutions Inc.
> Hill Spring, AB Canada
> 403-626-3236
> <can...@synergyfarmsolutions.com>
> <www.synergyfarmsolutions.com>
> 
> 
>> On Jun 26, 2017, at 3:49 PM, David Adams via 4D_Tech 
>> <4d_tech@lists.4d.com> wrote:
>> 
>>  I didn't
>> find the reference I wanted for this
> 
> **********************************************************************
> 4D Internet Users Group (4D iNUG)
> FAQ:  http://lists.4d.com/faqnug.html
> Archive:  http://lists.4d.com/archives.html
> Options: http://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **********************************************************************
---------------
Gas is for washing parts
Alcohol is for drinkin'
Nitromethane is for racing 
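
The PIN patterns described in the message above (repeated digits, keypad corners, diagonals, down the middle), as an added example that is not part of the original post: a checker that a PIN-setting form could use to reject them. The keypad layout, the pattern names and the sample PINs are assumptions made for this illustration.

```python
# Added example: name the weak pattern a numeric PIN falls into.
# Assumes the standard phone/ATM keypad: 1-2-3 on the top row, 0 below 8.
COLUMN = {"1": 0, "4": 0, "7": 0,
          "2": 1, "5": 1, "8": 1, "0": 1,
          "3": 2, "6": 2, "9": 2}
CORNERS = set("1379")
DIAGONALS = ("159", "951", "357", "753")   # the only 3-key diagonals on that pad


def classify_pin(pin: str) -> str:
    """Return the weak-pattern name for a PIN, or 'no-pattern'."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        raise ValueError("PIN must be 4 or more digits")
    if len(set(pin)) == 1:
        return "repeated-digit"        # 1111, 2222
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        return "numeric-sequence"      # 1234, 4321
    if set(pin) == CORNERS:
        return "keypad-corners"        # 1397, 7931, 7139
    if len({COLUMN[d] for d in pin}) == 1:
        return "keypad-column"         # 8520 (all keys in the middle column)
    if any(run in pin for run in DIAGONALS):
        return "keypad-diagonal"       # 951x
    return "no-pattern"


def weak_fraction(pins) -> float:
    """Share of the given PINs that match any pattern above."""
    pins = list(pins)
    return sum(classify_pin(p) != "no-pattern" for p in pins) / len(pins)


# Constructed sample, not real data.
SAMPLE = ["1111", "1234", "1397", "7931", "8520", "9512", "4829", "6071"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, classify_pin(p))
    print("weak share:", weak_fraction(SAMPLE))
```
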