Wednesday, October 7, 2009

Password analysis for Windows Live Hotmail users

Once again there is news that a user account database is available on the Internet. This time it concerns Windows Live Mail users. The origin says that more than 10000 passwords of Hotmail user accounts are publicly accessible. I could not pass it up, and some brief googling led me to the true origin. The pastebin.com server is currently unstable, but the Google cache works perfectly :)

First, the published list, sorted and without repetitions, includes only accounts that start with the letters "a" and "b". This means that the full list of users is much bigger than the published list. If we assume that there are about 4000-5000 accounts for every letter of the English alphabet, it is easy to calculate that the full list of compromised accounts could reach 150000.

Second, only 9238 of the 10028 published accounts are legitimate. If we also take into account the Hotmail policy that requires a password to be at least 6 characters long, only 8250 accounts are legitimate.

Here are the character set results for the whole password list:

This is the same diagram with the Hotmail password policy applied:

As you can see, the charts are almost identical.

Compared with similar data on corporate users [1] and user passwords from the VKontakte social service [2], the diagram looks like this:

And this is the diagram by password length:

Assuming that most Hotmail users are foreign Internet users, we can see the difference in how Russian and foreign users choose passwords. Our compatriots prefer digits, while foreign users prefer lowercase English letters. On the other hand, Russian users choose longer passwords.

Here is the top 50 of the most common passwords for Hotmail user accounts:

  1. 123456
  2. 123456789
  3. alejandra
  4. 111111
  5. alejandro
  6. tequiero
  7. 12345678
  8. 1234567
  9. alberto
  10. daniel
  11. 000000
  12. ESTRELLA
  13. beatriz
  14. roberto
  15. sebastian
  16. andrea
  17. iloveyou
  18. bonita
  19. felicidad
  20. 555555
  21. amigos
  22. brujita
  23. america
  24. arturo
  25. Princesa
  26. 666666
  27. BETITO
  28. mariposa
  29. 777777
  30. ricardo
  31. asdfgh
  32. rosita
  33. piscis
  34. caballo
  35. cristina
  36. gatito
  37. 112233
  38. angelica
  39. junior
  40. 123123
  41. barbara
  42. libertad
  43. adriana
  44. angelito
  45. carolina
  46. 654321
  47. felipe
  48. ximena
  49. paloma
  50. Esperanza

If we analyze the list of the most common passwords for Hotmail accounts, we can see that a user name is very often used as a password. However, the digit sequences 123456, 1234567, 12345678 and 123456789 are in the top 10, just as in the statistics on passwords used in Russian companies. They can be considered the leaders among the "most favorite passwords for users all over the world" :)
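The statistics described in this post (policy filter, character set breakdown, length distribution, most common passwords) can be reproduced for a password audit with a short script. This is an added example, not the author's tooling: the bucket names, the function names and the sample list are assumptions, and the sample passwords are constructed rather than taken from the published list.

```python
from collections import Counter
import string

MIN_LEN = 6  # Hotmail minimum password length cited in the post

# Constructed sample passwords for illustration; not taken from the published list.
SAMPLE = ["123456", "123456", "abc", "sunshine", "Sunshine1", "qwerty12",
          "PASSWORD", "p@ssw0rd!", "123456789", "sunshine", "12345", "MiXeDcase"]

def charset_class(pw):
    """Bucket a password by the character sets it uses (bucket names are assumed)."""
    if not pw:
        return "empty"
    lower = any(c in string.ascii_lowercase for c in pw)
    upper = any(c in string.ascii_uppercase for c in pw)
    digit = any(c in string.digits for c in pw)
    other = any(c not in string.ascii_letters + string.digits for c in pw)
    if other:  # punctuation, spaces and non-ASCII letters all land here
        return "with special characters"
    if digit:
        return "letters and digits" if (lower or upper) else "digits only"
    if lower and upper:
        return "mixed-case letters"
    return "lowercase only" if lower else "uppercase only"

def shares(items):
    """Percentage of items per bucket, rounded to one decimal place."""
    counts = Counter(items)
    total = sum(counts.values()) or 1  # avoid dividing by zero on empty input
    return {k: round(100.0 * v / total, 1) for k, v in counts.items()}

def analyze(passwords, min_len=MIN_LEN, top_n=10):
    entries = [p for p in passwords if p]                  # drop blank records
    compliant = [p for p in entries if len(p) >= min_len]  # apply the length policy
    return {
        "total": len(entries),
        "policy_compliant": len(compliant),
        "charset_all": shares(charset_class(p) for p in entries),
        "charset_policy": shares(charset_class(p) for p in compliant),
        "lengths": dict(sorted(Counter(len(p) for p in compliant).items())),
        "top": Counter(compliant).most_common(top_n),      # case-sensitive count
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Comparing `charset_all` with `charset_policy` corresponds to the two character set diagrams above, one for the whole list and one after the 6-character policy is applied.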