Germans and Koreans Pick the Strongest Passwords

• German and Korean speakers choose the strongest passwords, whereas Indonesians pick the weakest!
• People over the age of 55 pick passwords double the strength of people under 25 years old.
• People with a credit card stored on their account do little to increase their security other than avoiding very weak passwords
• People who change their password regularly tend to select the strongest ones.

These findings were presented three weeks ago at the Symposium of Security and Privacy in San Francisco. But how did Bonneau come up with these results? Apparently these results came after he analyzed the passwords of nearly 70 million Yahoo! users. Wait a minute; are you saying that he successfully managed to hack into Yahoo systems and stole 70 million Yahoo passwords? No no no, Bonneau is an honest guy; he did his research by using a security technique called hashing, which ensured he would not have the access to individual accounts.

How to measure password strength?

Yes, how do measure whether your password is strong or not? Here is a little explanation that I found NewScientist.com. It says “Password strength is measured in bits, where cracking one bit is equivalent to the chance of correctly calling a fair coin toss, and each additional bit doubles the password's strength”. From his research, Bonneau found out that the average strength of people’s passwords are 10 bits; means it takes about 1024 guesses to crack a password.

Weird thing is, a six-character password composed of digits and letters (recommendation by most security experts) offers 32 bits of security. So how could most people have less than 10bits password strength? According to Bonneau, the discrepancy is due to people picking much easier passwords than those theoretically allowed. Adding to that, he recommended people to use nine-character passwords instead. What did you say; a nine-character password is too long? Come on, I bet you are capable to remember 10 to 11 digits of phone numbers, so I believe remembering nine-character password is an easy case for all of us!

Most Common Password

This study reminds me of two studies about passwords in the past; one was conducted by Daniel Amitay and the other was conducted by Imperva, a company that creates software to block hackers.

Daniel Amitay, a student and an app developer, discovered the top 10 most common iPhone passcodes. Apparently, the most common iPhone passcodes are (drum roll): 1234! Next to 1234 is 0000. People can be very lazy sometomes!

^{Source: amitay.us}

In one article by the New York Times from two years ago, Imperva also revealed 32 most popular passwords on RockYou. Guess what the three most popular passwords were? 123456, 12345, and 123456789!

Seriously people, SERIOUSLY?! Like the famous meme of Professor Farnsworth from Futurama said, “I DON’T WANT TO LIVE ON THIS PLANET ANYMORE!”