Date: 2020-07-03

A doctor of computer engineering has conducted what can fairly be described as one of the largest studies on password reuse, with the aim of making users aware of the security measures to take when choosing a password for online services. Unfortunately, there is no shortage of surprises.

It emerged that one password out of 142 is still the classic “123456”. The implications of this are potentially catastrophic: the password is extremely simple and easy to guess, it is not very safe, and it does not follow the classic guidelines such as mixing upper- and lower-case letters and including numbers and symbols.

Ata Hakcil analyzed passwords leaked in breaches of online services over the last half-decade, whose dumps are available online on sites like GitHub or GitLab or on various hacking forums.

Another incredible finding is that the dataset of over 1,000,000,000 credentials included only 168,919,919 unique passwords, of which over 7 million were the classic “123456”. The researcher also highlighted that the average password length is 9.48 characters, which is not bad in itself, even though experts recommend passwords of 16 to 24 characters or more.

This partially positive aspect is offset by the fact that only 12% of passwords contain a special character, while 29% consist only of letters and 13% only of numbers. Full study results are available on GitHub.
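
The metrics quoted above can be computed over any password list, for instance during an internal password audit. The following is an added example, not part of the original article or the study's own code; the function name, the constructed sample list, and the choice to weight every figure by occurrence (duplicates included) rather than by unique password are assumptions.

```python
from collections import Counter


def password_stats(passwords):
    """Return the article's headline metrics for an iterable of passwords.

    Assumption: percentages and average length are weighted by occurrence,
    i.e. a password seen three times counts three times.
    """
    counts = Counter(passwords)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("empty password corpus")

    top_password, top_count = counts.most_common(1)[0]

    def share(predicate):
        # Percentage of all credentials whose password matches the predicate.
        hits = sum(n for pw, n in counts.items() if predicate(pw))
        return 100.0 * hits / total

    return {
        "total": total,
        "unique": len(counts),
        "top_password": top_password,
        # "one password out of N" for the most common entry
        "one_in": total / top_count,
        "avg_length": sum(len(pw) * n for pw, n in counts.items()) / total,
        # str.isalnum/isalpha/isdigit are Unicode-aware; anything that is
        # neither a letter nor a digit counts as a special character.
        "pct_special": share(lambda pw: any(not c.isalnum() for c in pw)),
        "pct_letters_only": share(str.isalpha),
        "pct_digits_only": share(str.isdigit),
    }


# Constructed sample data, not taken from the study.
SAMPLE = [
    "123456", "123456", "password", "Summer2020!", "qwerty",
    "111111", "P@ssw0rd", "letmein", "123456", "dragon99",
]

if __name__ == "__main__":
    for key, value in password_stats(SAMPLE).items():
        print(f"{key}: {value}")
```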