
Your password isn’t as random as you think — Zipf’s law

"Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months." - Clifford Stoll

Recently I got a mail to check whether any of my accounts had been breached. Have I Been Pwned is a site, active since 2013, used to check whether any of your accounts have been compromised. So I went over there and typed in my password... 7 breached sites and 12 pastes! This doesn’t make any sense!

So I dug in a little deeper to understand just how “hackable” my password truly was. Knowing full well that password guessing might not be the strategy adopted by a hacker, I had to figure out whether all these passwords were indeed random or whether their occurrence had some inherent patterns. Chances are, unless you are adding some sort of personal detail to your password, it might already be in use by thousands of users across the world.

To show this, I’ve accumulated data from the leaked accounts of approximately 5 million users. Bear in mind this data ha