A few days ago, I needed a dataset that had locations of users with their passwords. I could not find such a dataset so I thought of creating one. I used a public database that was breached and had IPs of users and used those IPs to get their locations. I then did some analysis on users passwords based on where they live. The results are a must see. Lets start.
Password strength analysis based on countries
Analyzing whether users of a few countries have better passwords than others
My goal was to see whether users of some countries use better passwords than other countries. Each country had around 30,000 users with their passwords making it 1.5 lac total users. I will be using graphs to illustrate my findings. I performed analysis on five countries i.e United States, Russia, China, Pakistan and India. The reason for choosing these countries is that they cover give an indication of their surrounding countries/places as well.
First of all, lets see which password length is used mostly in these countries and what percentage of people use what password lengths.
This analysis was very interesting. We see that Russia has lower percentages when the password lengths are less than 10 and the percentage increases as we go to higher length passwords. This could mean that people are more aware of good password practices. Another thing to note is that users of US are not very good at having longer passwords while users of India are better than both US and Pakistan at having greater length passwords.
Lets move on to the next thing. Lets see how many users use passwords based on top 100 patterns given in this post. I thought there won’t be a large amount of users but the results were astonishing.
Interesting right? Almost 50 percent of people use passwords based on the top 100 patterns. That’s weird considering 50 percent of the total population of many countries use common patterns. Russia again gives us good results. It has the least number of people using passwords based on top 100 patterns.
Lets do another analysis. Lets look at how many people have their name or email in their passwords.
Russia wins again while China loses big time.
In the above graphs, most of the time, the results of Pakistan and India are coming out to be consistent with India having some edge on Pakistan. This proves the fact that Indian people are indeed better at security than Pakistani people.
Lets see how many people have their password listed in top 50 passwords.
Pakistan loses this time which is quite frankly a fact. I live in Pakistan and people here use really really weak passwords.
Here’s an image with all the graphs in it.
That concludes this post. I hope you liked it. Comments and suggestions are most welcome.