A new analysis of leaked data comprising more than a billion entries reveals that one password out of 142 is “123456”. The study was conducted by computer engineering student Ata Hakçıl. He used collections of breached databases, which grow each time another company is hacked. Such resources are easy to obtain: Ata Hakçıl found these files on GitHub, GitLab and many forums.
Many web giants such as Google, Microsoft and Apple use the same technique to warn users when a chosen password is considered too weak. The Have I Been Pwned site works the same way.
Only 12% of passwords use a special character.
According to the study conducted by Ata Hakçıl, out of 1 billion passwords, 168,919,919 are unique and more than 7 million were the character sequence “123456”. To date, this is the weakest password, used in one case out of 142. Ata Hakçıl makes another interesting discovery: according to his research, passwords are on average 9.48 characters long, which is decent but not enough. Security experts prefer passwords between 16 and 24 characters for reasonable security. The computer science student also notes that only 12% of passwords use a special character, which is very few.
In most cases, users therefore choose very simple passwords, using only letters (29%) or only numbers (13%). This means that 42% of passwords are considered very vulnerable and very easy for a hacker to find. Ata Hakçıl has made the results public on GitHub, where you can easily look at them. Hopefully this will push some of you to be more vigilant with passwords.
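The metrics quoted above, and the weak-password warning that sites derive from leaked lists, can be reproduced on any password corpus. The following is an added example, not code from Ata Hakçıl's study: the sample list is constructed, the function names are hypothetical, and the 16-character minimum is taken from the lower bound the article cites.

```python
from collections import Counter

# Constructed sample standing in for a leaked-password corpus (not real leak data).
SAMPLE_CORPUS = [
    "123456", "123456", "password", "qwerty", "111111",
    "letmein1", "P@ssw0rd", "iloveyou", "abc123", "Summer2020!",
]

def has_special(password):
    """True if any character is neither a letter nor a digit."""
    return any(not ch.isalnum() for ch in password)

def corpus_stats(passwords):
    """Compute the metrics the article reports, for any password list."""
    counts = Counter(passwords)
    total = len(passwords)
    top, top_count = counts.most_common(1)[0]
    return {
        "total": total,
        "unique": len(counts),
        "most_common": top,
        "one_in": total / top_count,  # "one password out of N"
        "avg_length": sum(len(p) for p in passwords) / total,
        "letters_only": sum(p.isalpha() for p in passwords) / total,
        "digits_only": sum(p.isdigit() for p in passwords) / total,
        "with_special": sum(has_special(p) for p in passwords) / total,
    }

def weak_reasons(candidate, counts, min_length=16):
    """Reasons a sign-up form could show for rejecting a candidate password."""
    reasons = []
    if counts[candidate]:
        reasons.append(f"appears {counts[candidate]} time(s) in leaked data")
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if candidate.isalpha():
        reasons.append("letters only")
    elif candidate.isdigit():
        reasons.append("digits only")
    elif not has_special(candidate):
        reasons.append("no special character")
    return reasons

if __name__ == "__main__":
    for key, value in corpus_stats(SAMPLE_CORPUS).items():
        print(f"{key}: {value}")
    print(weak_reasons("123456", Counter(SAMPLE_CORPUS)))
```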