
Password strength analysis based on countries - Faizann20
http://fsecurify.com/password-analysis-based-on-countries/
======
hamstergene
> We see that Russia has lower percentages when the password lengths are less
> than 10 and the percentage increases as we go to higher length passwords.
> This could mean that people are more aware of good password practices.

Russians commonly make passwords from Russian dictionary words by pressing the
respective Russian letters on their keyboards but without actually switching
to the Russian language. Also for this reason it seems Russians are not using the
top 50 most common passwords, while in reality they surely do, it's just the 50
most common _Russian_ ones.

As for China, was the breached service not blocked by firewall and commonly
used by ordinary Chinese? Are you sure you're not analyzing just Hong Kong
instead of all of China?

Raw stats like that are misleading. One has to consider how these countries'
languages, cultures and political peculiarities affect usage of Internet
services.

------
weinzierl
> I used a public database that was breached and had IPs of users and used
> those IPs to get their locations.

I wonder if this analysis is based on a data set with leaked clear text
passwords or cracked hashes.

Given that never all hashes are cracked but only the _crackable_ (whatever
that means) that would heavily bias the analysis.

~~~
Faizann20
The dataset consisted of clear text passwords. No hashes.

~~~
mynegation
The point was that these passwords were cracked at some point, and those hard
to crack were less likely to appear in this database and that skews the
analysis.

~~~
NicolaiS
Not if they all were stored in cleartext from the beginning - which,
unfortunately, a lot are.

------
dmurray
Countries that speak English and use English keyboards are going to show up as
weaker in this kind of analysis, because the "top 50 passwords" heavily
features the likes of "football" and "qwerty". I'm not sure what "top 100
password patterns" could mean.

These users (USA, then to a lesser extent India and Pakistan) really do choose
objectively weaker passwords, because those passwords will be tried first by
most automated password crackers. But it's not correct to conclude from that
that the users have worse security practices. A better test for that would be
to check against the most common passwords within each nation's corpus.
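
An added example, not part of the original comment or the linked article: the comparison suggested above, scoring each country's accounts against the global top-N list and against that country's own top-N. The records are constructed sample data and the function names are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample records (country, password); not taken from any real breach.
# "gfhjkm" and "ghbdtn" are Russian words typed on a Latin keyboard layout.
RECORDS = (
    [("US", "football")] * 4 + [("US", "qwerty")] * 3 + [("US", "k7#Vd2mQx")]
    + [("RU", "gfhjkm")] * 3 + [("RU", "ghbdtn")] * 2 + [("RU", "qwerty")]
)

def top_n(passwords, n):
    """Return the set of the n most frequent passwords."""
    return {pw for pw, _ in Counter(passwords).most_common(n)}

def coverage(records, n):
    """Map country -> (share in global top-n, share in own-country top-n)."""
    by_country = defaultdict(list)
    for country, pw in records:
        by_country[country].append(pw)
    # The global list is dominated by whichever country has the most accounts.
    global_top = top_n([pw for _, pw in records], n)
    result = {}
    for country, pws in by_country.items():
        local_top = top_n(pws, n)
        result[country] = (
            sum(pw in global_top for pw in pws) / len(pws),
            sum(pw in local_top for pw in pws) / len(pws),
        )
    return result

if __name__ == "__main__":
    for country, (g, l) in coverage(RECORDS, 2).items():
        print(f"{country}: global top-2 {g:.0%}, own top-2 {l:.0%}")
```

Against the global list the RU sample matches 1 account in 6 while the US sample matches 7 in 8; against each country's own list the figures are 5 in 6 and 7 in 8.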

~~~
shagie
While the "top N" password lists are likely English-centric, the other parts
of the analysis aren't.

Things like "length of password" or "percentage of users using their
name/email in their password" is not something that is language dependent.

That said, the wording of some of the passages appears to be one of "India is
better than China at passwords." As the author appears to be Indian ("1.5
lac") there could be a hint of nationalism in this.

~~~
mamon
Length of password is partially dependent on language (e.g. German words tend
to be longer on average).

Also, many languages have their own diacritic characters (å, ä, ö, etc.),
which, when used in password, will be counted as "special characters" (because
they do not match standard [a-zA-Z0-9] regexp).

So yes, password safety is at least partially influenced by user's language.
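
An added example, not part of the original comment or the linked article: how an ASCII-only `[a-zA-Z0-9]` check reports letters with diacritics as "special characters", compared with classification by Unicode general category. The sample passwords are constructed and the function names are hypothetical.

```python
import re
import unicodedata

ASCII_ALNUM = re.compile(r"[a-zA-Z0-9]")

def naive_classes(password):
    """Everything outside [a-zA-Z0-9] is counted as 'special'."""
    alnum = len(ASCII_ALNUM.findall(password))
    return {"alnum": alnum, "special": len(password) - alnum}

def unicode_classes(password):
    """Classify by Unicode category after NFC normalisation, so a letter
    plus combining mark is counted as one letter, not letter + symbol."""
    counts = {"letter": 0, "digit": 0, "special": 0}
    for ch in unicodedata.normalize("NFC", password):
        cat = unicodedata.category(ch)
        if cat.startswith("L"):      # Lu, Ll, Lo, ... (includes ö, ß, Cyrillic)
            counts["letter"] += 1
        elif cat == "Nd":            # decimal digits
            counts["digit"] += 1
        else:
            counts["special"] += 1
    return counts

def inflated(passwords):
    """Passwords the naive check credits with special characters although
    they contain only letters and digits."""
    return [p for p in passwords
            if naive_classes(p)["special"] > 0
            and unicode_classes(p)["special"] == 0]

# Constructed samples: \u00f6 is ö, \u00df is ß.
SAMPLES = ["gr\u00f6nk\u00f6ping7", "stra\u00dfe2017", "password!", "football"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, naive_classes(p), unicode_classes(p))
    print("inflated:", inflated(SAMPLES))
```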

------
gpvos
Page is empty for me. When I checked an archive site, it appeared to redirect
to a probable malware site. [http://archive.is/cYDEp](http://archive.is/cYDEp)

~~~
Faizann20
Please use this link. There is nothing malware related anywhere.

[https://web.archive.org/web/20170514081120/http://fsecurify....](https://web.archive.org/web/20170514081120/http://fsecurify.com/password-analysis-based-on-countries/)

~~~
Terretta
Don't do this. Costs them money and being a CDN is not their business plan.

There are "legit" free CDNs if you can't handle the traffic yourself.

Also note Google will penalize you hard if you keep going offline every time
you are linked to.

~~~
deckar01
> The Internet Archive is a 501(c)(3) non-profit library. Founded in 1996, our
> mission is to provide Universal Access to All Knowledge.

[https://archive.org/about/](https://archive.org/about/)

If a book store was sold out of a popular book would you discourage people
from looking for it at the library? For all we know this information has been
destroyed and the internet archive is the only place it exists now.

~~~
Terretta
I would discourage the book publisher from only printing a short run then
sending would-be buyers to the library asking them to make photocopies for
everyone for free.

This person was directing overload traffic via archive.org as a CDN.

My point is, there are places doing that as an offering.

For example, CoralCDN at [http://www.coralcdn.org](http://www.coralcdn.org) is
a peer-to-peer (P2P) based content delivery network which is totally free.

To use it you just have to append .nyud.net to the hostname of any URL, and
your request for that URL is handled by CoralCDN.

Don't leech archive.org, let them spend their money on collecting and storing
all knowledge, not as a hosting overflow provider.

------
C4K3
Offtopic, but that website header sure is distracting, on my laptop it uses
266 out of the 633 vertical pixels space I have for the page.

[http://imgur.com/SRkTL5w](http://imgur.com/SRkTL5w)

~~~
carlob
I have this bookmarklet I use all the time

    
    
        javascript:(function()%7B(function%20()%20%7Bvar%20i%2C%20elements%20%3D%20document.querySelectorAll('body%20*')%3Bfor%20(i%20%3D%200%3B%20i%20%3C%20elements.length%3B%20i%2B%2B)%20%7Bif%20(getComputedStyle(elements%5Bi%5D).position%20%3D%3D%3D%20'fixed')%20%7Belements%5Bi%5D.parentNode.removeChild(elements%5Bi%5D)%3B%7D%7D%7D)()%7D)()

~~~
agumonkey
Very nice

