ldstephens

Results of one of the largest password re-use studies ever

Last month Ata Hakçıl, a Turkish student studying computer engineering at the University of Cyprus, did one of the largest password re-use studies ever. He analyzed more than 1 billion leaked credentials from data breaches at various companies. These data dumps have been around for several years and have been piling up as more companies get hacked.

Out of the 1 billion credentials, 168,919,919 were passwords. The most common password, 123456, was spotted 7 million times per billion credentials. The average password length was 9.5 characters, and 87.96% of passwords didn’t contain special characters. And 34.41% of all passwords end with digits, but only 4.522% of all passwords start with digits.
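To show how figures like these are computed over a credential list, here is an added example that is not code from the study or from this blog. It assumes lines in `identifier:password` form and treats any character that is not an ASCII letter or digit as "special"; the sample data and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in "identifier:password" form; not data from the study.
SAMPLE = [
    "alice@example.com:123456",
    "bob@example.com:123456",
    "carol@example.com:Summer2019",
    "dave@example.com:7wonders",
    "erin@example.com:p@ss:word!",
    "frank@example.com:qwerty",
    "malformed line without separator",
    "grace@example.com:",
]

def is_special(ch):
    # Assumption: "special" means anything other than an ASCII letter or digit.
    return not (ch.isascii() and ch.isalnum())

def password_stats(lines):
    passwords = []
    for line in lines:
        # Split on the first colon only, so colons inside a password survive.
        _, sep, pw = line.rstrip("\n").partition(":")
        if sep and pw:  # skip lines with no separator or an empty password
            passwords.append(pw)
    total = len(passwords)
    if total == 0:
        raise ValueError("no usable credentials")
    counts = Counter(passwords)

    def pct(pred):
        return round(100.0 * sum(1 for p in passwords if pred(p)) / total, 2)

    return {
        "credentials": total,
        "unique_passwords": len(counts),
        "most_common": counts.most_common(1)[0],
        "avg_length": round(sum(map(len, passwords)) / total, 2),
        "pct_no_special": pct(lambda p: not any(is_special(c) for c in p)),
        "pct_ends_with_digit": pct(lambda p: p[-1].isdigit()),
        "pct_starts_with_digit": pct(lambda p: p[0].isdigit()),
    }

if __name__ == "__main__":
    for name, value in password_stats(SAMPLE).items():
        print(f"{name}: {value}")
```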

Cool Stats

Here’s my takeaway from this:

  1. A massive number of people need to start using a password manager. This would allow for longer and more complex passwords and eliminate the need to re-use them.
  2. Only 12.89% of passwords contain special characters and only 4.52% of passwords start with a digit. So pick a password that starts with a number and includes special characters to avoid brute forcers.

If you’re not using a password manager, then get started now. I’m using Bitwarden. Bitwarden is open source, simple to use and, best of all, it’s FREE.

If you would like to see if any of your passwords have been breached, you can check them at Have I Been Pwned.