The passwords we use on the internet are usually short, simple and easy to crack. Not due to lack of effort when thinking about them, at least not in all cases, but because we tend to use words, numbers and combinations of both with symbols that follow patterns common to the reasoning of a good part of human beings, as revealed by un study of the company WP Engine.
This research, using a sample of 10 million human-devised passwords, reveals that the most common combination to protect accounts of any internet platform is “123456”, the second the English word “password”, the third “12345678”, the fourth “qwerty”, and so on up to 50 compositions.
Additionally, WP Engine researchers also identify the most common word and number combinations. For example, almost 24% of users who chose to put a number at the end of their password were limited to putting a 1, almost 7% a 2, and 3.5% a 12. And they highlight that a good number of people used the same word that appeared in their username in the password.
Another combination they identified was the 20 most frequently used keyboard patterns. “Qwerty” occupies an outstanding first position, and most of them have to do with simple paths that can be easily remembered, tales como “q1w2e3r4t5”, “asdfgh” o “qwer1234”.
Only one of those 20 keyboard combinations puzzled the researchers, because it apparently followed no simple pattern: adgjmptw. But they soon unraveled the mystery, it was about the first letter assigned to each number on mobile phone keyboards if you follow a dial from 1 to 9. Your mistake was to think only of computers in a world dominated by smartphones.
Those responsible for this study explain that people unconsciously enter easily identifiable patterns in their passwords, so a good decryptor can set rules from those patterns that significantly speed up the decryption of these combinations.
They also point out that research into those ten million passwords has revealed that the longer they are, the more difficult they are to crack. This is because the longer length implies a higher number of combinations of words, numbers and symbols, which makes it difficult to find out. Despite this, the average length of the passwords studied was 8 characters.
Images 2 and 3 | WP Engine