Popular numbers used in leaked passwords

Last time we saw some popular fictional passwords and how they are used in Exploit.in – a collection of 739,861,478 leaked passwords. I wanted to take another look at some popular numbers and how they are used in passwords.

π

How many digits of Pi have you memorized? I’ve got 6 digits after the decimal: 3.141592. Not bad, but could be better. Let’s see how far the Exploit.in community takes it:
17,713 passwords have exactly 7 decimal places of Pi (1415926). 1,626 have 10 decimal digits. The record is a single password with 37 digits of Pi – 1415926535 8979323846 2643383279 502884179. The last two digits in that password are cunningly reversed (79 instead of 97), so unfortunately they don’t count.

Here’s a breakdown for the digits of Pi in passwords:

Math constants

Same as with Pi, I’m only considering digits after the decimal point:

| Value | Digits | Passwords |
|---|---|---|
| e | 7182818284 | 337 |
| e | 71828182845904523536 | 7 |
| √2 | 4142135623 | 114 |
| √3 | 7320508075 | 21 |
| Phi | 6180339887 | 86 |
| Euler Mascheroni | 5772156649 | 1 |

Didn’t make it: Conway’s Constant, Khinchin’s constant, and Glaisher Kinkelin.

Fibonacci sequence

One advantage of the Fibonacci sequence is that if you forget your password you can always calculate it. 25,316 unforgettable passwords contain 8 Fibonacci numbers (1 through 21). Only 4 passwords make it all the way to the 15th number, 610:

Physics and Chemistry constants

| Number | Digits | Passwords |
|---|---|---|
| Light Speed Meters/Second | 299792458 | 1988 |
| Light Speed Miles/Second | 186282 | 298 |
| Light Speed Kilometers/Second | 299792 | 2561 |
| Light Speed Miles/Hour | 670616629 | 1 |
| Avogadro 6.02×10²³ | 6021023 | 259 |
| Avogadro 6.022×10²³ | 60221023 | 73 |

Avogadro passwords that make good use of special characters include m602x1023e and 602*1023.

Pop-culture numbers

Unsurprisingly, numbers that appear on TV or in song lyrics make their appearance in passwords. I couldn’t find too many examples:

Music

| Artist | Song | Number | Passwords |
|---|---|---|---|
| Tommy Tutone | 867-5309 / Jenny | 8675309 (Exact password) | 13894 |
| Tommy Tutone | 868-5309 / Jenny | 8675310 (contain) | 28231 |
| Queens of the Stone Age | Regular John | 16278263789 | 7 |

LOST

40,430 passwords are exactly 4815162342. An additional 34,318 passwords contain 4815162342, and another 1,058 passwords have The Numbers with separators, for example L48O1516S2342T.

See also

For a more serious analysis of password trends and common patterns:

Speak Friend and Enter – Do people actually use movie passwords?

Can you think of a famous password, such as one used in a book or a movie? Do people see passwords being typed on screen and think “hey, now that is a pretty good password…”? I downloaded the Exploit.in combo list containing over seven hundred million leaked logins and tried to see how often that happens.

Famous passwords used in real leaked passwords:

The clear winner here is Mission Impossible with 948 passwords containing AW96B6. A nice second is TrustNo1 from The X-Files which appears in 629 passwords. Next we have 386 passwords containing Swordfish – a classic password from 1932 with its own Wikipedia page.
The safe combination from Inception, 528491 is used in 168 passwords, sometimes accompanied by character names like 528491c0bb or eames528491.

“Damn it, Ethan, you don’t have to press Caps Lock for each letter…”

I thought many The Lord of the Rings fans would choose “Speak Friend” as their password – but not even one person did. The elf word for “friend”, Mellon, appears 107 times. We also have 6 YouShallNotPass, and even one SpamShallNotPass.
Finally, there are 11 My Preciouses, including My Cat Precious and My Precious Girl (which still count! we have to be fair toward other phrases that didn’t get this level of scrutiny).

| Movie or Book Title | Password | Count |
|---|---|---|
| Mission Impossible | AW96B6 | 948 |
| The X-Files | TrustNo1 | 629 |
| Horse Feathers | Swordfish | 386 |
| Die Hard | Akagi (Whole word) | 241 |
| Inception | 528491 (Exact number) | 168 |
| LotR | Mellon | 107 |
| Arabian Nights | Open Sesame | 37 |
| Watchmen | Rameses 2 | 18 |
| Casino Royale | 836547 (Exact number) | 14 |
| LotR | My Precious | 11 |
| LotR | Shall Not Pass | 7 |
| Watchmen | Rameses II | 6 |
| National Treasure | Valley Forge | 3 |
| Who Framed Roger Rabbit | Walt sent me | 1 |
| The Net | Natoar23ae | 1 |
| Tron | Reindeer Flotilla | 0 |
| Matrix | Zion 0101 | 0 |
| LotR | Cannot Pass | 0 |

Harry Potter

I didn’t plan on having so many Harry Potter passwords, but the good people at wikia made it too easy – they have a page with dozens of passwords used in the books. I’ve split them into three types:

Harry Potter passwords that are also Latin or other known phrases or snacks:

| Password | Count |
|---|---|
| Acid Pops | 377 |
| Fizzy Pop | 259 |
| Baubles | 241 |
| Alea iacta est | 179 |
| Catweazle | 135 |
| Quid Agis | 31 |

Harry Potter Pass-phrases

| Password | Count |
|---|---|
| Dumbledore | 23 |
| Balderdash | 8 |
| Studious Success | 6 |
| Tapeworm | 3 |
| Caput Draconis | 2 |
| Flibbertigibbet | 2 |
| Pig Snout | 1 |
| Fortuna Major | 1 |

Passwords based on Harry Potter spells:

| Spell | Brief Description | Count |
|---|---|---|
| Accio (Contained in password as a whole word) | Fetch something. Reasonable password. | 885 |
| Accio (The whole password is just “accio” with no additional characters.) | | 555 |
| Stupefy | | 223 |
| Alohomora | Open locks. Makes sense. | 68 |
| Imperio | | 35 |
| Crucio | | 17 |
| Avada Kedavra | | 15 |
| Expelliarmus | | 9 |
| Sectumsempra | | 5 |
| Impedimenta | | 3 |
| Reparo | | 3 |
| Expecto Patronum | | 2 |
| Confundus | | 1 |

No muggle had used any of the following passwords:
Wattlebird, Oddsbodikins, Scurvy Cur, Banana Fritters, Fairy Lights, Mimbulus Mimbletonia, Abstinence, Dilligrout, Sherbet lemon, Cockroach cluster, Fizzing Whizzbees, Toffee Eclairs, Chocolate Frogs, Dissendium, Slytherins are Supreme, Facta non verba, Sea Serpent, This Password is Absurd, Libraries Liberate, Dragon's Egg, Light against Darkness, Chops and Gravy, Dashing Cadogan, Forget Me Never, Lunartickle, Surreptitiousness, Wanglewort, up to no good, nor Mischief Managed.

I see “This Password is Absurd” is up for grabs, so I’m calling it – this is my password now.

Technical Details

I’ve found the combo list on Google. It took me about an hour before I knew the term “combo” or the name “Exploit.in”. I will not link it from here though.
The combo contains 111 files with lines in the format {email}:{password}, for example:

jane@example.com:12345
bob@example.com:pa$$word

From each line I’ve kept just the password and the TLD. I’ve loaded all data to an SQLite database, and grouped identical rows – keeping the count, of course. Having the data in SQL made analyzing it very easy.
To automate some of the queries I used KNIME – not so much for its analytics, mainly because it automatically saves results to disk.

Password comparisons were all case-insensitive, and multi-word passwords were filtered using SQL LIKE, as in where password like '%fizzy%pop%'.
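
The pipeline described above, sketched as an added example (not the author's code or KNIME workflow): parse {email}:{password} lines, keep only password and TLD, group identical rows with a count in SQLite, then run exact and LIKE queries. The table, column and function names are assumptions, and the sample lines are constructed.

```python
import sqlite3

# Constructed sample lines in the {email}:{password} format (not real leak data).
SAMPLE = """\
jane@example.com:12345
bob@example.com:pa$$word
amy@example.org:Fizzy_Pop1
dan@example.net:fizzypop
eve@example.com:4815162342
kim@example.org:L48O1516S2342T
lee@example.com:12345
zed@example.net:a:b
not-a-valid-line
"""

def parse(line):
    """Return (password, tld); split on the first ':' so passwords may contain ':'."""
    email, sep, password = line.rstrip("\r\n").partition(":")
    if not sep or "@" not in email or not password:
        return None  # malformed line, skipped by load()
    return password, email.rsplit(".", 1)[-1].lower()

def load(lines):
    """Keep only password and TLD, grouping identical rows and keeping the count."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE raw (password TEXT, tld TEXT)")
    db.executemany("INSERT INTO raw VALUES (?, ?)", filter(None, map(parse, lines)))
    db.execute("CREATE TABLE passwords AS SELECT password, tld, COUNT(*) AS n "
               "FROM raw GROUP BY password, tld")
    db.execute("DROP TABLE raw")
    return db

def count_like(db, pattern):
    """Logins whose password matches a LIKE pattern (case-insensitive for ASCII).
    Note '%' and '_' inside the pattern are wildcards, not literals."""
    sql = "SELECT COALESCE(SUM(n), 0) FROM passwords WHERE password LIKE ?"
    return db.execute(sql, (pattern,)).fetchone()[0]

def count_exact(db, value):
    """Logins whose entire password equals value, ignoring ASCII case."""
    sql = ("SELECT COALESCE(SUM(n), 0) FROM passwords "
           "WHERE password = ? COLLATE NOCASE")
    return db.execute(sql, (value,)).fetchone()[0]

if __name__ == "__main__":
    db = load(SAMPLE.splitlines())
    print(count_exact(db, "12345"), count_like(db, "%fizzy%pop%"))
```

Summing the stored count rather than counting rows is what separates "logins using this password" from "distinct password and TLD pairs".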

Bonus

2,289,587 Spaceballs fans use 12345 as the first number in their passwords. 601,874 have 12345 as their entire password.

Getting Stack Overflow votes by choosing a cuter icon

I have posted 1,386 answers on Stack Overflow. That’s quite a lot.
A few of my answers are popular – they pop up on Google as top results. Some of these get voted every day. Even when I am not active on Stack Overflow, I still get a few dozen reputation points almost daily. Lucky me!
Recently I got an idea – are people more likely to vote if they like the user icon? Can changing my icon get me more votes each day?
Currently I have over 93K reputation points – would I have gotten to 100,000 already had I a different icon all of these years?
I checked.

I picked my 30 most popular answers and tracked the votes they were getting each hour. I also tracked how many views and votes their questions were getting.
Each week on Sunday I changed my user icon. Here are the icons I used:

  • The flag of the United States of America. The greatest country in the world.
  • The flag of India.
  • A photo of a plush fox from Japan.
  • My wife Suzi wearing a hat. She volunteered.
  • Me and my regular icon. Looking at it again, it is a little over-exposed, and I look a little pale.

Results

Both flags performed poorly, while the Fox and Suzi Wearing a Hat did best.
It also makes sense to look at how many views we got each day:
The number of views is similar each week. Still, relative to the total number of views, it looks like Fox performed a little better than Suzi Wearing a Hat. This trend also appears on a daily breakdown:

Flags

I picked the flags of the USA and India mainly because of the time difference between them – there is almost no intersection of the working hours between India and the USA. I wanted to see if the icon affects the times I was getting votes. That didn’t work:
The greatest nation in the world, and the biggest democracy in the world

Question Statistics

The question voting statistics weren’t constant either. This reflects poorly on the previous results – it is possible it is all random.

Is this a thing? Time for Round II!

I took the Fox and the USA flag to a second round, to see how they did:
Even after a month the fox and flag had consistent results!

Conclusion?

I think it worked! Changing the icon seems to affect how many votes I’m getting.
Thanks!

Disclaimers

  1. Maybe the numbers are too small for a meaningful conclusion.
  2. I don’t even know enough statistics to write a Hello World program in R.
  3. There was an outlier during the second USA flag run – one question received a lot of views. It doesn’t affect the results much, even when zeroed out.
  4. USA Flag re-run got a down-vote. I didn’t count it.
  5. On 2017-06-01 the icon Kobi stole one vote from Suzi Wearing a Hat. Its score should be a little higher.
  6. All times suffer from an off-by-one error: each hour at X:17 I took statistics that belong to X-1:00. I don’t really care.
