Common passwords and common words in passwords

Jikai Li, Ethan Zeigler, Thomas Holland, Dimitris Papamichail, David Greco, Joshua Grabentein, Daan Liang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations


Passwords often include dictionary words or meaningful strings. Figuring out these words or strings may significantly reduce the number of password guessing. The wordlists used by password cracking software, such as Hashcat, typically include the words from various dictionaries and leaked plain passwords. Is it really necessary to put all dictionary words and leaked passwords into the wordlist? In this work, we use Mac system dictionary and leak as two sample wordlists to check the substrings of over 600 million leaked passwords from different websites. We find only a small portion of words from these two wordlists are used by the leaked passwords. More specifically, about 90,000 out of 235,886 Mac dictionary words and about six millions out of 13 millions unique passwords are used by the leaked passwords. In addition to that, we find that a small portion of unique passwords are shared by a large portion of accounts.

Original languageEnglish
Title of host publicationTrends and Innovations in Information Systems and Technologies - Volume 2, WorldCIST 2020
EditorsÁlvaro Rocha, Hojjat Adeli, Luís Paulo Reis, Sandra Costanzo, Irena Orovic, Fernando Moreira
Number of pages10
ISBN (Print)9783030456900
StatePublished - 2020
Event8th World Conference on Information Systems and Technologies, WorldCIST 2020 - Budva, Montenegro
Duration: Apr 7 2020Apr 10 2020

Publication series

NameAdvances in Intelligent Systems and Computing
Volume1160 AISC
ISSN (Print)2194-5357
ISSN (Electronic)2194-5365


Conference8th World Conference on Information Systems and Technologies, WorldCIST 2020


  • Dictionary
  • Hashcat
  • Password
  • Substring


Dive into the research topics of 'Common passwords and common words in passwords'. Together they form a unique fingerprint.

Cite this