Password usage seems to follow Zipf distribution

Like word distributions and company sizes, frequency of usage of particular passwords seems to follow a Zipf distribution or power law distribution. That is, there are a lot of people that pick from a small common pool of passwords and that the number of people that use a particular password drops off quickly once you step away from that common pool.

Mark Burnett’s research shows that, of a list of 10,000 ranked passwords:

  • 91% of users have a password from the top 1000 passwords
  • 79% of users have a password from the top 500 passwords
  • 40% of users have a password from the top 100 passwords

BTW, almost 5% of all users have the password ‘password’.

List of top passwords here. Heads up — there’s some colorful language in play here for popular passwords.
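To reproduce the coverage figures above on your own data (for example, the output of an internal password audit), here is an added Python example that is not part of the original post: it ranks observed passwords by frequency, reports what share of users the top k passwords cover, and estimates the Zipf exponent with a log-log least-squares fit. The embedded sample list is constructed for illustration, not real data.

```python
import math
from collections import Counter

# Constructed sample of observed passwords (not real audit data): a few
# heavily reused values plus a long tail of unique ones, 50 entries total.
SAMPLE = (
    ["password"] * 12 + ["123456"] * 6 + ["qwerty"] * 4 + ["letmein"] * 3
    + ["welcome1"] * 2 + ["dragon"] * 2 + [f"unique{i}" for i in range(21)]
)


def rank_passwords(passwords):
    """Return [(password, count), ...] sorted from most to least common."""
    return Counter(passwords).most_common()


def top_k_coverage(ranked, k):
    """Fraction of all users whose password is among the k most common."""
    total = sum(count for _, count in ranked)
    return sum(count for _, count in ranked[:k]) / total


def coverage_report(ranked, ks=(100, 500, 1000)):
    """Coverage for each k in ks; mirrors the top-100/500/1000 figures above."""
    return {k: top_k_coverage(ranked, k) for k in ks}


def zipf_exponent(ranked):
    """Slope of log(count) against log(rank); a Zipf law gives about -1."""
    xs = [math.log(rank) for rank in range(1, len(ranked) + 1)]
    ys = [math.log(count) for _, count in ranked]
    n = len(xs)
    mean_x, mean_y = sum(xs) / n, sum(ys) / n
    numerator = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    denominator = sum((x - mean_x) ** 2 for x in xs)
    return numerator / denominator


if __name__ == "__main__":
    ranked = rank_passwords(SAMPLE)
    for k, share in coverage_report(ranked, ks=(1, 5, 10)).items():
        print(f"top {k:>2} passwords cover {share:.0%} of users")
    print(f"estimated Zipf exponent: {zipf_exponent(ranked):.2f}")
```

On a real audit list you would pass the cracked or observed passwords as `passwords` and keep the default `ks`; an exponent near -1 and a top-1000 share near the figures quoted above are the signature the post describes.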

Default Passwords

Why is it important to change default passwords on hardware, applications, and other systems? Because the passwords are published and, in effect, not passwords at all. A few responses from Googling ‘default passwords’:


And there’s plenty more.


Default password = No password

Password management in small & medium sized businesses

Poor password policies and management can be an Achilles’ heel for any business. Making it more challenging for small and medium-sized businesses is that they often cannot afford to implement or support full Identity and Access Management systems. There is, however, some middle ground.