Hackers also use weak passwords just like the rest of us, claims researcher

A security researcher has revealed that hackers use weak passwords just like other users on the web, and that only 10 percent of hackers used passwords that were beyond the normal capabilities of guessing and cracking.

Antonin Hyza of Avast! analysed 40,000 samples of passwords used by hackers and, based on his findings, revealed that the average length of passwords used by hackers is six characters.

Only 10 percent of passwords analysed were as long as 75 characters, while the most common password was ‘hack’.

“There were also passwords that don’t use characters from an English keyboard. But there was still a 90% chance it could be a normal word, maybe with some number in it. No less than 9% of the passwords could be found in an English dictionary”, noted Hyza in a blog post.

“When I compare all findings from the graphs above, I can tell that the average hackers’ password will be at a maximum six characters long, contain lower case letters and numbers and it’s derived from the English language.”

It is not completely clear why hackers would use such weak passwords, but it is highly possible that they want to keep their original passwords limited to their personal accounts and hacked assets that are highly valuable.

The primary motivation behind Hyza’s study was his discovery of 2,000 passwords used by hackers after he tried to decode a PHP shell without knowing the key.

“Because I did not know the exact content of the encoded file and searching the key could take me years, I chose a different approach. I decided to find out how strong passwords used by hackers are and create a dictionary”, noted the researcher.