2024-09-16

Dates in Leaked Passwords

I have been playing with data from haveibeenpwned.com, especially I was exploring 8-digit passwords that look like dates.


I checked all dates between 19000101 and 20231231, where

- The date must be in the YYYYMMDD format

- Some invalid dates are also included, e.g. 19120231


Further, by default I only analyzed valid dates after 19240101.


By Year

1986 is the most popular year. It roughly forms a normal distribution. The distribution might review the distribution of the ages of the users (of the leaked services).


By Month & Day

It is clear that October, November and December are more popular than other months, but I think this is is because people may use 1912312 rather than 19120312.

We can also see a pattern for each month, especially 1st is more popular than other days.

Other than those, the passwords are roughly evenly distributed among all days.

The most popular dates are:
  • 0101, #=81516
  • 1010, #=79997
  • 1212, #=71724
  • 1111, #=62065
  • 1001, #=61109
Seems that they are just nice & easy patterns to type.

And the least popular dates are:
  • 0229, #=7075
  • 0731, #=20302
  • 0730, #=20846
  • 0531, #=21543
  • 0131, #=21646
0229 is obvious, but all other dates are all about the end of months, maybe this is not an coincidence.


By Day

31st is the least popular, which is obvious.

There's a sudden drop between 12th and 13th, which I don't really understand. This might contradict with my idea above, that people may type 9 instead of 09.



By Year & Month & Day

The most popular ones are:
  • 19870212, #=12359
  • 19821108, #=10812
  • 19941028, #=10097
  • 19810301, #=9528
  • 19960122, #=8906
The least popular ones (but appear in the database) are:
  • 19410417, #=1
  • 19410504, #=1
  • 19350824, #=1
  • 19290519, #=1
  • 19290525, #=1
Besides the popularily of the years, I cannot really draw any conclusions.


Invalid Dates

The most popular invalid dates are:
  • 19860229, #=362
  • 19820229, #=296
  • 19870229, #=228
  • 19890229, #=203
  • 19860230, #=192

Conclusions

By no means are the results scientific, it's just me having some fun.
If there's anything to remember, never use 19870212 as your password!

Posted by at

No comments:

Post a Comment