The weak and the strong password preferences: A case study on Turkish users

Considering the computer authentication, any password shall not only be private to its owner but also be chosen as not to be predicted easily by others. The passwords used in authentication processes of any critical system should be strong as not to be cracked easily. In this context, the strong password choice gets significance for the general system security. This study aims to reveal the proper and improper properties on password preferences via examining the real samples. The method used in this work is first to gather the real passwords in plaintext, then to crack the encrypted forms of them and finally to investigate statistical queries on those passwords in order to distinguish the common weak and strong characteristics As the case study, the experiments are conducted on real passwords of Turkish users in an actively running system. The results of the experiments are categorized for weak and strong passwords. Moreover, the common tendencies on password choice are evaluated. Copyright 2010 ACM.