Data leaks: password setting habits of Chinese netizens
2014 was another eventful year in the history of network security: from the large-scale leak of credit card data at Ctrip at the beginning of the year, to various open-source software vulnerabilities with strange names, to Sony being turned upside down by hackers. At the end of the year, hackers served up one more big dish: a credential stuffing incident on a ticket purchasing website.
Network security incidents are now so frequent that people's awareness of password protection has naturally begun to increase. Media websites have also published advice telling users how to set secure passwords: do not include frequently used words in passwords, and do not use birthdays, mailboxes, usernames, or mobile phone numbers as passwords.
Is the security awareness of Chinese netizens sufficient when they set their own passwords? This article uses the data leaked by a ticket purchasing website at the end of 2014 as its data source to analyze the current password setting habits of Chinese netizens.
First, let's take a look at the overall situation of the leaked data. In this incident, information on a total of 131389 users was leaked, mainly from the post-80s and post-90s generations, with the post-80s share the highest, 65%, more than half of the 90 s. At present, the post-80s are still the main force in the leak.
Password setting taboos
Taboo 1: passwords contain frequently used words
According to the roughly 130,000 leaked records exposed on the Internet, many people still use frequently used strings such as 123456, 1314, 520, and 521 when setting their passwords. Among them, there are as many as 520 users in the password. Suddenly we found that we were so loving.
Taboo 2: using a birthday as the password
In this leak, 2326 people still use their 6-digit birthday as their password! Even more users have passwords that contain their birthday. Among the people who broke this taboo, the post-80s stand out, accounting for 83.8% of the total and far exceeding the other age groups. It seems that using a birthday as a password is a common bad habit of the post-80s.
Taboo 3: using the username or email address as the password
The leaked data gave us another "surprise". More than 1700 people use their registered username as their password, and the situation with registered email addresses is even more serious: as many as 2396 people use their email address as their password. Interestingly, the absolute proportion for the post-90s (the absolute proportion is the ratio of the number of users in an age group who use their mailbox or username as the password to the total number of users in that age group) is far greater than for the other age groups. It seems that the password setting habits of the post-90s are different. As a post-80s editor, I think of a new term: "non-mainstream post-90s passwords".
Taboo 4: using a mobile phone number as the password
In this leak, 81 users used their mobile phone number as their password. Among them, the absolute proportion for the post-60s (the absolute proportion is the ratio of the number of users in an age group who use their mobile phone number as the password to the total number of users in that age group) is the highest, and this absolute proportion gradually decreases as age decreases.
Is it because the older you are, the more things you have to remember, and so the easier the password has to be to remember? Thinking about it this way, it is quite understandable. After all, a mobile phone number is what I remember most accurately, and it is not easy to mix up. (I had better hurry and ask whether my parents also use their mobile phone numbers as their passwords. This cannot go on.)
Password strength to be improved
After reading the password-setting taboos, let's look further at the strength of the passwords that users set on this website:
We found that more than half of the users on the website still use a single form of password, such as pure digits or pure English letters. Only 46% of the users use a combined password. For such a highly sensitive and high-risk website, that is a lot of users setting passwords this casually. The post-80s have the lowest share of combined passwords, only 42%. Among the post-90s, more than half use combined passwords, 53.38%. It seems that the password security awareness of the post-90s is slightly higher than that of the post-80s.
In addition to combining letters and digits, using uppercase letters, underscores, @, and other special characters is also an important way to increase password strength. How did the users in this leak set their passwords in this respect?
According to the leaked data, only 163 people use uppercase letters, underscores, @, and other special characters in their passwords. However, in this unfortunate data we found something a little exciting. Although not many users use special characters, the post-90s shine here. Even though post-90s users account for only 26% of the total leaked data, more than 32% of these users are post-90s. The post-90s have once again proved their strong awareness of password protection.
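The four taboos and the composition breakdown above can be turned into a check that a site runs when a user registers or changes a password. The following is an added example, not code from the original article: the account field names, the sample accounts, and the extension of the birthday test to 8-digit dates are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import date

COMMON_FRAGMENTS = ("123456", "1314", "520", "521")  # strings named under Taboo 1

def is_birthday(pw):
    """True if pw is exactly a valid YYMMDD or YYYYMMDD calendar date."""
    if not re.fullmatch(r"[0-9]{6}|[0-9]{8}", pw):
        return False
    year = int(pw[:-4]) + (1900 if len(pw) == 6 else 0)
    try:
        date(year, int(pw[-4:-2]), int(pw[-2:]))
    except ValueError:  # month or day out of range: not a date
        return False
    return 1900 <= year <= date.today().year

def audit(account):
    """Return the taboos (1 to 4 above) that this account's password breaks."""
    pw = account["password"]
    findings = []
    if any(frag in pw for frag in COMMON_FRAGMENTS):
        findings.append("common-fragment")
    if is_birthday(pw):
        findings.append("birthday")
    if pw.lower() == account["username"].lower():
        findings.append("username")
    if pw.lower() == account["email"].lower():
        findings.append("email")
    if pw == account["phone"]:
        findings.append("phone")
    return findings

def composition(pw):
    """Return ('single' or 'combined', uses_uppercase_or_special_character)."""
    classes = {"digit" if c.isdigit() else "letter" if c.isalpha() else "other"
               for c in pw}
    strong = any(c.isupper() or not c.isalnum() for c in pw)
    return ("combined" if len(classes) > 1 else "single"), strong

# Constructed sample accounts for illustration; not taken from any leak.
SAMPLE = [
    {"username": "zhangwei", "email": "zw@example.com", "phone": "13900000001", "password": "900315"},
    {"username": "wangfang", "email": "wf@example.com", "phone": "13900000002", "password": "woaini520"},
    {"username": "lina", "email": "lina@example.com", "phone": "13900000003", "password": "LiNa"},
    {"username": "chenjie", "email": "chen@example.com", "phone": "13900000004", "password": "chen@example.com"},
    {"username": "liuyang", "email": "ly@example.com", "phone": "13900000005", "password": "13900000005"},
    {"username": "zhaolei", "email": "zl@example.com", "phone": "13900000006", "password": "juST4_U"},
]

def summarize(accounts):
    """Count how many accounts break each taboo."""
    return Counter(f for a in accounts for f in audit(a))
```

Run at registration time, audit() gives the site a reason to reject the password before it is stored, which is also the only point at which the plaintext is legitimately available.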
Conclusion
Although articles on how to set a high-strength password are everywhere, a large number of users still follow the "secret" principle of password settings. It seems that the network security awareness of Chinese netizens still needs to be improved.
How to set high-strength passwords
Our team also offers you some tips on how to set high-strength passwords:
1. In terms of content, the password should be information that you can remember but that is hard for others to associate with you. Personal information about a cousin or colleague is more secure than your own. You can also choose a relatively private anniversary or word combination.
2. In terms of form, the password should include at least three of the following character types: uppercase letters, lowercase letters, numbers, and non-numeric characters (such ). You can also make some simple, memorable substitutions, such as changing I to !, the letter o to the number 0, and 11 to 2ge1 (two ).
3. To make it easier to remember, try to make the content meaningful, but insert other characters or homophones; for example, "just for you" can be set to "juST4_U". The length can also be stretched. For example, "shezhimima" can be changed to "s_he_zhi_mimA" (characters inserted at intervals and uppercase letters at specific positions), and "mypassword" can be changed to "M. Y. P. A. S. S. W. O. R. D-1". Or you can use mathematical operators to build the password, for example, "5*5 + 5 = 30? Yes !".
4. In addition, you can assign different security levels to your passwords. Passwords for banks and mailboxes are the highest level, passwords for social websites are relatively lower, and those for forum logins are lower still. Do not use the same password for different levels. High-level passwords should not only be complex but should also be changed regularly.
The Internet security risks faced by ordinary users are becoming more and more serious. In most cases, we still have to rely on one small password to protect us. It is the only straw we have to clutch at, and it needs to be taken seriously.