In 1974,the introduction of one-way encryption (hashing) marked the first encryption of passwords.
In 1985, the Department of Defense Password Management Guideline was published.
Among other things, it recommended that passwords should be at least 7 characters long.
Users were encouraged to create longer passwords, typically ranging from 12 to 18 characters.
In recent years,passwordless authentication methods have grown in use.
Nevertheless, we expect the number of passwords to continue to increase.
The most difficult password to crack from the list is g_czechout, taking approximately 12 days.
Interestingly, the US is the only country where secret ranks as the top pick.
Still, as far as insecure passwords go, nothing beats Australias and the UKs most common one password.
However, taking a closer look at the top lists reveals some interesting findings.
Or salasana in Sweden and jelszo in Hungary, which both translate to password.
According to the report,Gen Z is the most prone to password mishaps.
Despite this, 51% of Gen Z use memorization to keep track of their passwords.
Respondents also reported using more complex passwords for certain types of accounts.
This demonstrates a tendency to prioritize security for accounts perceived as more sensitive.
We discuss our methodology and findings below.
For privacy protection and confidentiality, we destroyed all identifiable information, like usernames and emails.
This required coding programs to access and analyze the information.
Next, we used different Python scripts to check the possible combinations of numbers and letters for each password.
Such complex passwords significantly extend the cracking time, potentially reaching decades or even centuries for very strong passwords.
On the other hand, passwords composed exclusively of symbols have the lowest prevalence out of all combinations.
For instance,in 2024, only 20 out of 780,794 users opted to use only symbols.
Email addresses and salted hashes of passwords for approximately 68 million users were leaked.
GitHub responded by resetting passwords for the compromised accounts.
They also revoked personal access tokens, OAuth authorizations, and SSH keys for those accounts.
Users were urged to enable two-factor authentication and be more responsible with their password choices.
While these policies aim to enhance security, research indicates that they can frustrate users and be counterproductive.
For example,a 2020 James Cook University study revealed that increasing password restrictions frustrates users.
This frustration led to 75% of participants using different strategies to remember their passwords.
Some of these strategies, like using the same password for multiple sites, significantly compromised their security.
Similarly, the use of password management tools can significantly influence user behavior related to password security and management.
