Password analysis for Windows Live Hotmail users

There’s again news that user account database is available in the Internet. Now it is about Windows Live Mail users. The origin says that more than 10000 passwords of Hotmail user accounts are in public access. I could not miss it, and brief googling leads me to the true origin. Now pastebin.com server operates unstably but google cache works perfectly:)

So, firstly, the list of published and sorted (without repetitions) accounts includes only accounts that start from letters "a" and "b". It means that the full list of users is much bigger than the published list. If we assume that there are about 4000-5000 accounts for every English alphabet letter it’s easy to calculate that the full list of compromised accounts could reach 150000.

Secondly, only 9238 of 10028 published accounts are legitimate. If we also consider Hotmail restriction policy that requires password length to be no less than 6 characters, only 8250 accounts are legitimate.

Here are the results for used charset for the whole password list:

This is the similar diagram, considering Hotmail password policy:


As you can see, the graphics are almost identical.

Comparing with similar data on corporate users [1] and user passwords from VKontakte social service [2], the diagram is the following:


And this is a diagram by password lengths:


Assuming that the most part of Hotmail users are foreign Internet users, we can see the difference in how Russian and foreign users choose passwords. Our nationals prefer numerals but foreign users prefer English alphabet characters in lower case. On the other hand, Russian users choose longer passwords.

Here’s TOP50 of the most widespread passwords for Hotmail user accounts:

1. 123456
2. 123456789
3. alejandra
4. 111111
5. alejandro
6. tequiero
7. 12345678
8. 1234567
9. alberto
10. daniel
11. 000000
12. ESTRELLA
13. beatriz
14. roberto
15. sebastian
16. andrea
17. iloveyou
18. bonita
19. felicidad
20. 555555
21. amigos
22. brujita
23. america
24. arturo
25. Princesa
26. 666666
27. BETITO
28. mariposa
29. 777777
30. ricardo
31. asdfgh
32. rosita
33. piscis
34. caballo
35. cristina
36. gatito
37. 112233
38. angelica
39. junior
40. 123123
41. barbara
42. libertad
43. adriana
44. angelito
45. carolina
46. 654321
47. felipe
48. ximena
49. paloma
    
50. Esperanza

If we analyze the list of the most widespread passwords in Hotmail accounts, we can see that very often user name is used as a password. However, numeral combinations 123456, 1234567, 12345678 and 123456789 are in TOP10, as in used passwords statistics in Russian companies. They are considered as leaders among the "most favorite passwords for users all over the world" :)