Apr 09, 2026 • SANS Internet Storm Center
Number Usage in Passwords: Take Two, (Thu, Apr 9th)
Executive Summary
This article presents research findings from honeypot password analysis, examining how users incorporate numbers—particularly dates and years—into their passwords over time. The study notes patterns where password expiration policies lead to predictable password creation behaviors, including seasonal references and recent year usage. While the article provides valuable insights into weak password practices, it does not identify specific threat actors or malware families. The primary risk stems from predictable password patterns that could aid credential-based attacks. Organizations should consider implementing password managers, multi-factor authentication, and user education to mitigate reliance on memorable but weak password constructions.
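An added example, not code or data from the diary: one way a defender could flag the season and recent-year constructions described above in candidate passwords, and measure how far the year in a password lags the date it was observed. The function names and sample submissions are constructed for illustration.

```python
import re
from collections import Counter
from datetime import date

# Season names only; substring matching can over-flag (e.g. "waterfall").
SEASONS = ("spring", "summer", "autumn", "fall", "winter")
# A 4-digit year 1900-2099 that is not part of a longer digit run.
YEAR_RE = re.compile(r"(?<!\d)(?:19|20)\d{2}(?!\d)")


def years_in(password):
    """Return every standalone 4-digit year found in the password."""
    return [int(y) for y in YEAR_RE.findall(password)]


def classify(password, observed):
    """Return the predictable constructions found in one password."""
    reasons = set()
    years = years_in(password)
    if any(abs(y - observed.year) <= 1 for y in years):
        reasons.add("recent-year")
    elif years:
        reasons.add("older-year")
    if any(s in password.lower() for s in SEASONS):
        reasons.add("season")
    return reasons


def year_offsets(submissions):
    """Count (year in password - year observed) over (iso_date, password) pairs."""
    offsets = Counter()
    for iso_date, password in submissions:
        observed = date.fromisoformat(iso_date)
        for y in years_in(password):
            offsets[y - observed.year] += 1
    return offsets


# Constructed sample submissions (assumption), not honeypot data from the diary.
SAMPLE = [
    ("2025-11-03", "Winter2025!"),
    ("2026-04-09", "Spring2026"),
    ("2026-04-09", "P@ssw0rd2019"),
    ("2026-04-09", "admin123"),
    ("2026-04-09", "123456789"),
]

if __name__ == "__main__":
    for iso_date, pw in SAMPLE:
        print(iso_date, pw, sorted(classify(pw, date.fromisoformat(iso_date))))
    print(dict(year_offsets(SAMPLE)))
```

An offset of 0 means the password carries the year in which it was submitted; a change-time filter can reject any password for which `classify` returns a non-empty set.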
Summary
In a previous diary [1], we looked at how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. Years and seasons are often used in passwords, especially when password change requirements include frequent password changes. Some examples we might see today: