Password cracking and Psychology (1)

Part 1: Top 10 basic rules

Rule 1: Most people overestimate the difficulty of deciphering passwords and underestimate the risks of their own passwords. Therefore, they often regard those who can crack passwords as mysterious characters, at the same time, there is little habit of changing your password.

Rule 2: Most people generally use no more than three passwords in their lifetime. If you crack someone's QQ password, you may have cracked his Forum password, email password, and game account password ......

Rule 3: In terms of gender, passwords for men are more difficult than for women. In terms of age, passwords for young people are more difficult to crack than those for people over 35 years old; from the perspective of education level, it is more difficult for people with a college degree or above to crack passwords than those with the following education levels, in addition, there is basically no difference in the difficulty of cracking passwords for people with a college degree, a bachelor's degree or a Master's degree. From a professional perspective, the passwords of science students are more difficult to crack than those of liberal arts students, it is the most difficult to crack the passwords of Students in computer-related majors.

Rule 4: the passwords of the vast majority of people are basically fixed, and random garbled passwords are extremely rare (I should say I have never met one before, but if it is such a password, there is no way to solve this problem ).

Rule 5: the passwords of most people are either composed of digits, lowercase letters, or letters. Only a few people use underscores, very few letters are case sensitive.

Rule 6: Many of the letters used in the password are the full or abbreviation of the name Pinyin and the name pinyin. The English word of a certain totem (usually a noun) -- the meaning of the totem will be later mentioned, the abbreviation of a unit name, And the pinyin or English and Its abbreviation of a place name.

Rule 7: There are many related dates in the number used for the password, and the date is of great significance to the password owner. There are also many problems related to place names and phone numbers.

Rule 8: use an underline password, which usually appears only once. Generally, the master password of this type of password is very sensitive and usually contains numbers and letters, the underline Of a password is usually separated by numbers and letters. A password with uppercase letters is usually only used once, and often appears at the beginning of the password, very few appear at the end.

Rule 9: unless the logon system has a strict number of digits, the number of digits of the password is usually 8 to 11, and the number of digits below 7 and more than 12 are rare.

Rule 10: passwords on a public network usually seldom contain personal information. Most of them are the full or partial names of the organization, Chinese or English, or abbreviations of English or pinyin, in addition, numbers with specific meanings are generally phone numbers or house numbers. In addition, some passwords are simple duplicates of the above-mentioned specific letters or abbreviations, such as 12341234 and abcabcabc; the password is rarely duplicated.