Are you Interested in Detailed Statistics from 10,000 Leaked Hotmail Passwords?
Filed Under (Hotmail) by Ahmad Bilal on 08-10-2009
A few days back, many sites reported that 10,000 Windows Live Hotmail accounts had been leaked. The usernames and passwords of these accounts were published on PasteBin. The accounts were analyzed by web security experts, Bogdan Calin among them. He has released some very interesting and detailed statistics in his report.
Security analysts assume that all of this information was gathered using phishing techniques: a fake Hotmail/Live look-alike web page was created to collect credentials from users. A quick look at the statistics shows that “123456” is at the top of the 20 most common passwords.
Top 20 most common Hotmail passwords:
1. 123456 – 64
2. 123456789 – 18
3. alejandra – 11
4. 111111 – 10
5. alberto – 9
6. tequiero – 9
7. alejandro – 9
8. 12345678 – 9
9. 1234567 – 8
10. estrella – 7
11. iloveyou – 7
12. daniel – 7
13. 000000 – 7
14. roberto – 7
15. 654321 – 6
16. bonita – 6
17. sebastian – 6
18. beatriz – 6
19. mariposa – 5
20. america – 5
Looking at the passwords above, it is believed that the Latino community was a main target of this attack.
Password length distribution:
1 chars – 2 – 0 %
2 chars – 4 – 0 %
3 chars – 4 – 0 %
4 chars – 31 – 0 %
5 chars – 49 – 1 %
6 chars – 1946 – 22 %
7 chars – 1254 – 14 %
8 chars – 1838 – 21 %
9 chars – 1091 – 12 %
10 chars – 772 – 9 %
11 chars – 527 – 6 %
12 chars – 431 – 5 %
13 chars – 290 – 3 %
14 chars – 219 – 2 %
15 chars – 157 – 2 %
16 chars – 190 – 2 %
17 chars – 56 – 1 %
18 chars – 17 – 0 %
19 chars – 7 – 0 %
20 chars – 14 – 0 %
21 chars – 10 – 0 %
22 chars – 8 – 0 %
23 chars – 3 – 0 %
24 chars – 3 – 0 %
25 chars – 3 – 0 %
26 chars – 0 – 0 %
27 chars – 3 – 0 %
28 chars – 0 – 0 %
29 chars – 1 – 0 %
30 chars – 1 – 0 %
The data above shows that the average password length is 8 characters.
What kind of passwords were in the list?
3,713 = 42 %; lower alpha passwords : passwords containing only characters from ‘a’ to ‘z’.
Example : iloveyou
291 = 3 %; mixed case alpha passwords : passwords containing characters from ‘a’ to ‘z’ and from ‘A’ to ‘Z’.
Example: ILoveYou
1707 = 19 %; numeric passwords: passwords containing only numbers (‘0’ to ‘9’)
Example: 123456
2655 = 30 %; mixed alpha and numeric passwords: passwords containing characters from ‘a’-‘z’, ‘A’-‘Z’ and ‘0’-‘9’.
Example: Iloveyou12
565 = 6 %; mixed alpha + numeric + other characters.
Example: 1Love You$%@
As we can see from the list above, a large majority of users still choose very poor passwords: 42 % are lower alpha only and 19 % are numeric only, while only 6 % of all the passwords used a mix of alpha, numeric and other characters.
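The same breakdown can be run over your own organisation's password audit data. The script below is an added example, not code from Bogdan Calin's report: it computes the top passwords, the length distribution and the five character classes described above. The function names, the sample list and the handling of upper-case-only and non-ASCII passwords are assumptions.

```python
import string
from collections import Counter

LOWER = set(string.ascii_lowercase)
ALPHA = set(string.ascii_letters)
DIGITS = set(string.digits)

# Constructed sample (not the leaked data): the article's own example strings
# plus one empty entry, which the audit must skip.
SAMPLE = ["123456", "123456", "123456789", "iloveyou", "tequiero", "ILoveYou",
          "Iloveyou12", "1Love You$%@", "alejandra", ""]

def classify(password):
    """Map a password to one of the article's five character classes.

    Assumptions: upper-case-only passwords count as "mixed case alpha", and any
    character outside ASCII letters/digits (space, symbol, accented letter)
    puts the password in the last class.
    """
    chars = set(password)
    if chars <= LOWER:
        return "lower alpha"
    if chars <= ALPHA:
        return "mixed case alpha"
    if chars <= DIGITS:
        return "numeric"
    if chars <= ALPHA | DIGITS:
        return "mixed alpha and numeric"
    return "alpha + numeric + other"

def audit(passwords, top_n=3):
    """Return top passwords plus length and class tables as (count, percent)."""
    passwords = [p for p in passwords if p]  # drop empty entries
    total = len(passwords)
    if total == 0:
        raise ValueError("no non-empty passwords to audit")

    def table(counter):
        return {key: (n, round(100 * n / total)) for key, n in sorted(counter.items())}

    return {
        "total": total,
        "top": Counter(passwords).most_common(top_n),
        "lengths": table(Counter(len(p) for p in passwords)),
        "classes": table(Counter(classify(p) for p in passwords)),
        "average_length": round(sum(len(p) for p in passwords) / total),
    }

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value}")
```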

