So, firstly, the list of published and sorted (without repetitions) accounts includes only accounts that start from letters "a" and "b". It means that the full list of users is much bigger than the published list. If we assume that there are about 4000-5000 accounts for every English alphabet letter it’s easy to calculate that the full list of compromised accounts could reach 150000.
Secondly, only 9238 of 10028 published accounts are legitimate. If we also consider Hotmail restriction policy that requires password length to be no less than 6 characters, only 8250 accounts are legitimate.
Here are the results for used charset for the whole password list:

This is the similar diagram, considering Hotmail password policy:

As you can see, the graphics are almost identical.
Comparing with similar data on corporate users [1] and user passwords from VKontakte social service [2], the diagram is the following:

And this is a diagram by password lengths:

Assuming that the most part of Hotmail users are foreign Internet users, we can see the difference in how Russian and foreign users choose passwords. Our nationals prefer numerals but foreign users prefer English alphabet characters in lower case. On the other hand, Russian users choose longer passwords.
Here’s TOP50 of the most widespread passwords for Hotmail user accounts:
- 123456
- 123456789
- alejandra
- 111111
- alejandro
- tequiero
- 12345678
- 1234567
- alberto
- daniel
- 000000
- ESTRELLA
- beatriz
- roberto
- sebastian
- andrea
- iloveyou
- bonita
- felicidad
- 555555
- amigos
- brujita
- america
- arturo
- Princesa
- 666666
- BETITO
- mariposa
- 777777
- ricardo
- asdfgh
- rosita
- piscis
- caballo
- cristina
- gatito
- 112233
- angelica
- junior
- 123123
- barbara
- libertad
- adriana
- angelito
- carolina
- 654321
- felipe
- ximena
- paloma
- Esperanza
If we analyze the list of the most widespread passwords in Hotmail accounts, we can see that very often user name is used as a password. However, numeral combinations 123456, 1234567, 12345678 and 123456789 are in TOP10, as in used passwords statistics in Russian companies. They are considered as leaders among the "most favorite passwords for users all over the world" :)
This comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDelete