Misc

Hotmail breach

There was recently a password breach on Hotmail and some other services. I was curious to see what type of passwords people actually use. I managed to obtain the account names and passwords for accounts starting with A and B. I haven't looked at this in much detail, but I did look at the amount of repetition in passwords, as shown in the picture below.

The most interesting takeaway is that only 588 (unique) passwords are repeated out of 8928. This reflects 1498 users sharing a password out of 9838. In other words, 84.8% of users have a unique password, which is surprising (to me, at least).

Unsurprisingly, users have short passwords. Some other analysis showed that 4268/9838 passwords consisted only of lower case letters. 8611/9838 consisted only of lower case letters and numbers. 9252/9838 consisted only of lower case letters, upper case letters, and numbers. The remaining passwords contained other characters (symbols, space, etc.).

There seems to be a relationship between the character sets used in a password and its length. Specifically, passwords using simpler character sets (i.e., lower case characters only) seem to be shorter.
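The same measurements can be computed from any list holding one password per account. This is an added example, not the script used for this post; the function names and the sample list are constructed for illustration. Note that distinct passwords = accounts - accounts sharing + repeated passwords, which is how 9838 - 1498 + 588 gives 8928 above.

```python
import re
from collections import Counter, defaultdict

# Character-set tiers in the order the post reports them (each includes the previous).
TIERS = [
    ("lower", re.compile(r"[a-z]+")),
    ("lower+digits", re.compile(r"[a-z0-9]+")),
    ("lower+upper+digits", re.compile(r"[a-zA-Z0-9]+")),
]

def tier_of(password):
    """Return the simplest tier whose alphabet covers the whole password."""
    for name, pattern in TIERS:
        if pattern.fullmatch(password):
            return name
    return "other"  # symbols, spaces, non-ASCII, or an empty string

def repetition_stats(passwords):
    """passwords: one entry per account. Returns the repetition counts."""
    if not passwords:
        raise ValueError("need at least one account")
    counts = Counter(passwords)
    repeated = {p: n for p, n in counts.items() if n > 1}
    sharing = sum(repeated.values())  # accounts whose password is not unique
    total = len(passwords)
    return {
        "accounts": total,
        "distinct_passwords": len(counts),
        "repeated_passwords": len(repeated),
        "accounts_sharing": sharing,
        "pct_accounts_unique": round(100 * (total - sharing) / total, 1),
    }

def charset_stats(passwords):
    """Cumulative count per tier, and mean length of passwords exactly in that tier."""
    lengths = defaultdict(list)
    for p in passwords:
        lengths[tier_of(p)].append(len(p))
    out, running = {}, 0
    for name in [t[0] for t in TIERS] + ["other"]:
        running += len(lengths[name])
        mean = sum(lengths[name]) / len(lengths[name]) if lengths[name] else 0.0
        out[name] = {"cumulative": running, "mean_length": round(mean, 2)}
    return out

# Constructed sample, one password per account (not data from the breach).
SAMPLE = ["sunshine", "sunshine", "maria", "maria", "maria", "abc123",
          "river42", "Tiger2009", "BlueSky77x", "p@ss word!"]
```

Reporting the mean length per exact tier, next to the cumulative counts, is what makes the length versus character set relationship visible.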

$Id: misc.html 397 2009-10-16 18:48:41Z edmcman $