Character patterns in passwords

Alexander Fishkov

Alexander Fishkov, Ph.D. student Computer Science

In this post, we return to the collection of 10 million passwords. Now we are interested in uncovering the common character patterns in passwords. To strengthen their password, people add numbers or special characters, and we can explore what combinations of these people usually use.

To encode character patterns we use the following notation: “a denotes one or more Latin letters, “0” denotes one or more digits and “$” denotes special characters not belonging two previous groups. According to this scheme, “John314@” will be encoded as “a0$”.

As we can see, most people use only letters and numbers, gradually increasing the number of character groups. The top 10 patterns contain no special characters. The longest pattern in passwords is “0a0a0a0a0a0a0a0a0a0a0a0a0a0a”, which was used two times.

If we look into logins, the situation is only slightly different. Special characters are more common. This includes “firstname.lastname” and “word-number” patterns. The longest pattern in logins is “a$a$a$a$a$a$a$a$a$a$a$a$a$a$a”, containing 29 character groups. The surprising thing is that this pattern was used not just once, but three times.

In one of our previous posts, we analyzed the use of whole words in passwords dataset. Here we combine it with our pattern searching technique to see how people try to make their password stronger if they use words. Here we use a more easily readable notation for the patterns: character group titles are separated by a dash.

Obfuscating words with numbers with numbers and letters is more popular than using special characters. In fact, no pattern with special characters made it to the top (here we only considered patterns with words). We can also note that digits are usually added after words, while letters can sometimes appear before. Surprisingly, a simple pattern of a few words in a row is rarely used: only one ‘two words’ pattern made it to the top 25.

Discuss this article on our forum with over 1,900,000 registered members.

About Alexander Fishkov

Alexander Fishkov

Alexander Fishkov, Ph.D. student Computer Science

Alexander is a Ph.D. student in Computer Science. He currently holds B.S. and M.S. degrees in Applied Math. He has experience working for industry major companies performing research in the fields of machine learning, data mining and natural language processing. In his free time, Alexander enjoys hiking, Nordic skiing and traveling.

Other posts by Alexander Fishkov:

One thought on “Character patterns in passwords”

  1. This is a delightfully irritating topic since I still can’t immediately recognize the difference between a new account asking for me to use my e-mail address as my user name, and then asks for a password which I don’t know is not suppose to be my password for accessing my e-mails. God is wonderously creative in preparing new generations for this experience called life on Earth. Where we began, God leads us on a wild goose chase to find out. He alone exists when there is nothing, and mercifully sends us into the unknown called life to find out where He will end -which does not exist and never has existed for as long as there has been life on Earth.

Leave a Reply

Your email address will not be published. Required fields are marked *