A statistical analysis conducted at the University of Cyprus on dozens of secret credential collections containing hacked passwords revealed six characteristics of passwords that are considered weaknesses, or invaluable "gifts" for attackers. It also found that one of every 142 passwords used globally is the well-known, common and weak "123456", which makes it easier for hackers and cybercriminals to infiltrate computers and information networks.
Those results showed that passwords hacked and stolen from thousands of websites, institutions and companies around the world were leaked and published publicly on the dark web, and that they are readily available online in hacking forums, file-sharing portals and major forums for programmers.
The researcher, a Turkish national named Atta Huxel, published his results on GitHub, the platform for developers that is used by more than 50 million programmers and developers from all over the world and is considered the largest of its kind, at github.com/FlameOfIgnis/Pwdb-Public. He confirmed that during the research he performed a statistical examination and analysis of just over a billion passwords stolen from different sources around the world during the past five years.
The crisis of "123456"
The most prominent finding of the research was that the world is already suffering from a crisis caused by the weak, common password "123456", which many users choose because it is easy to type and to remember. This password appeared more than seven million times among the billion stolen passwords, which means that one of every 142 passwords in the data set analyzed for this research was "123456". It is therefore the most used password online over the past five years.
Because it is weak, common and easy to guess, and because criminals, hackers and attackers have repeatedly tested it, it effectively constitutes a global information security crisis, as it is the "easiest and most likely way in" for criminals.
The analysis of the one billion passwords identified six general characteristics common to passwords used worldwide, which the researcher considered weak points, or invaluable "gifts" for attackers.
The first characteristic is that the average actual password length is 9.48 characters, while the recommended length to protect against existing advanced attacks is between 16 and 24 characters on average.
The second characteristic is that only 12.04% of passwords contain special characters, such as punctuation, whose presence makes a password more difficult to guess and crack.
The third characteristic is that 28.79% of passwords consist of letters only and contain no numbers or special characters, and are therefore easy to guess and break.
The fourth characteristic is that 26.16% of the passwords consist of lowercase letters only, a weakness that also works in criminals' favor, while the fifth characteristic is that 13.37% of the passwords consist of numbers only.
The sixth characteristic found that 34.41% of passwords end with numbers, and only 4.52% of them begin with numbers.
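The six measurements above can be reproduced on any password list a defender is authorized to audit, for example to test a password policy against them. The following Python sketch is an added example, not code from the researcher's repository; the function name `password_stats`, the ASCII-based definition of "special character" and the small constructed sample are assumptions.

```python
import string
from collections import Counter

LETTERS = set(string.ascii_letters)
LOWER = set(string.ascii_lowercase)
DIGITS = set(string.digits)

# Constructed sample for illustration only; not data from the study.
SAMPLE = ["123456", "password", "123456", "Summer2019", "qwerty",
          "iloveyou", "P@ssw0rd!", "letmein1", "000000", "Dragon"]

def password_stats(passwords):
    """Compute the article's six characteristics over an iterable of passwords.

    Assumption: a "special character" is anything that is not an ASCII
    letter or digit, so non-ASCII characters count as special.
    """
    # Drop line endings left over from reading a file, and skip empty entries.
    pw = [p.rstrip("\r\n") for p in passwords]
    pw = [p for p in pw if p]
    n = len(pw)
    if n == 0:
        raise ValueError("no passwords to analyse")

    def pct(pred):
        # Share of passwords matching the predicate, in percent.
        return round(100 * sum(1 for p in pw if pred(p)) / n, 2)

    top, top_count = Counter(pw).most_common(1)[0]
    return {
        "count": n,
        "avg_length": round(sum(map(len, pw)) / n, 2),
        "has_special_pct": pct(lambda p: any(c not in LETTERS and c not in DIGITS for c in p)),
        "letters_only_pct": pct(lambda p: set(p) <= LETTERS),
        "lowercase_only_pct": pct(lambda p: set(p) <= LOWER),
        "digits_only_pct": pct(lambda p: set(p) <= DIGITS),
        "ends_with_digit_pct": pct(lambda p: p[-1] in DIGITS),
        "starts_with_digit_pct": pct(lambda p: p[0] in DIGITS),
        "most_common": top,
        # "One of every N passwords" is the most common one.
        "one_in": round(n / top_count, 1),
    }

if __name__ == "__main__":
    for name, value in password_stats(SAMPLE).items():
        print(f"{name}: {value}")
```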
Simple and easy
The researcher confirms that, taken together, these characteristics mean that 42% of the passwords used globally during the past five years fall into the category of simple and easy passwords with almost no complexity. They therefore help password-cracking attacks succeed when those attacks use a "Quick Dictionary" tool, which guesses and tries millions of passwords per minute until it reaches the actual password.
100 billion passwords
Experts said during the celebration of the first World Password Day, which took place on the seventh of last May, that nearly 100 billion passwords are still in use around the world, and that they are likely to remain in use during 2020.
The American company Microsoft revealed that about one billion and 150 million people around the world have given up the passwords they used to log in to computers, applications and various internet services.