Analysing Passwords .. We Are Human, BTW

We did a bit of an analysis of hashing passwords today, and asked our final year students a few questions around their password usage. Initially we asked which company they trusted most, and for them, it was Apple and Google that were the most trusted, with Twitter and Facebook trailing:

And for the risk of a hack, students felt that they worried most about Google Mail being hacked (as it was often their core identity reset account):

For passwords, it was good to see that most have more than 11 characters (with a few at 8 and 9):

For two-factor authentication, most students said that they had set this up:

For their passwords, it was the name of someone in the family and a memorable place that came top for their password usage:

And when forced to put an uppercase letter, we see that many just put it at the start:

And the highest number said that they only used one uppercase letter:

And when putting a number into the password, most put it at the end:

And the majority of students only have between 2 and 5 passwords that they move between:

And when they change their password, there was a bit of a split, with the majority completely changing their password:

And for the changes in the password, many changed a “o” to a “0”:

If you are interested here is the lecture:

Conclusions

Our ability to remember complex passwords is limited, and we all do the same things: when asked to put in an uppercase letter, we place it at the start; for a number, we place it at the end. We then change ‘o’ for zero, and so on. But the crackers know all these rules. Passwords should be made history soon, as they are flawed. A simple PIN with multi-factor authentication is often a better approach.
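The same habits can be checked for when a password is set. The following is an added example, not code from the lecture or from this post: it undoes the three habits the students reported (capital at the start, number at the end, "0" for "o") and compares what is left against a blocklist. The blocklist entries and the function names are constructed for illustration.

```python
import re

# Constructed sample blocklist (assumption): a real deployment would load a
# large list of common words, family names and place names.
BLOCKLIST = {"password", "london", "charlotte", "scotland"}

# Only the substitution reported in the survey is undone: "0" back to "o".
UNDO_SUBSTITUTIONS = str.maketrans({"0": "o"})


def analyse(password):
    """Return (habits, hits): the survey habits seen in the password and the
    blocklisted base words recovered once those habits are undone."""
    habits = []

    # Habit 1: the only uppercase letter is the first character.
    if password[:1].isupper() and not any(c.isupper() for c in password[1:]):
        habits.append("uppercase-at-start")

    # Habit 2: a run of digits appended after the last non-digit character.
    tail = re.fullmatch(r"(.*\D)(\d+)", password)
    if tail:
        habits.append("number-at-end")

    # Habit 3: a zero sitting next to a letter, i.e. standing in for "o".
    if re.search(r"(?<=[A-Za-z])0|0(?=[A-Za-z])", password):
        habits.append("o-to-0")

    # Undo the habits: drop trailing digits, lowercase, map "0" back to "o".
    candidates = {password}
    if tail:
        candidates.add(tail.group(1))
    bases = {c.lower().translate(UNDO_SUBSTITUTIONS) for c in candidates}

    return habits, sorted(bases & BLOCKLIST)


def rejected(password):
    """True when the password is a blocklisted word dressed up with habits."""
    _, hits = analyse(password)
    return bool(hits)


if __name__ == "__main__":
    for pw in ["Lond0n1", "Charlotte2019", "tram-kettle-orbit-vane"]:
        print(pw, analyse(pw), "REJECT" if rejected(pw) else "ok")
```

A password that meets an "uppercase plus digit" rule can still be rejected here, because the rule is satisfied by exactly the habits the survey found.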