Collection #1 Password Analysis

by Eric Smith, FireOak Strategies Chief Technologist & Information Security Officer

February 15, 2019

In January 2019, a massive database of email addresses and passwords was released on the internet. The collection included over 773 million unique email addresses and 21 million unique passwords, credentials that were assembled from many data breaches.

Password Popularity - Collection #1

The FireOak information security team has analyzed the collection. Two of our key takeaways:

1. Weak, common, and easily guessable passwords are still heavily in use.

2. Password re-use continues to be rampant. 

The image above shows the most frequently used passwords, all of which are weak, common, and easily guessable.

Collectively, these 23 passwords appeared in the collection over 65 million times.

These two practices -- using weak, common, and easily guessable passwords and re-using passwords across multiple sites -- put your personal information and data at risk. And since passwords are re-used between work and personal accounts, you’re also putting your organization’s data and information at risk.

Improve your password hygiene. A few quick tips:

  • Use a password manager to help you store and manage your unique passwords.
  • Never re-use passwords.
  • Length matters: use long, complex combinations of words and phrases.
  • Use multi-factor authentication on every site that supports it.

Eric Smith is the FireOak Strategies Chief Technologist and Information Security Officer. He writes and presents on all things infosec. You can follow Eric on Twitter at @FireOakCISO.