Abstract or Summary:
Nowadays, identity breaches are happening almost on a daily basis. Just recently, hundreds of millions of identities were leaked from services like LinkedIn, MySpace and VKontakte. Undoubtedly, these breaches constitute a major threat because victims might fall to identity theft. As part of our warning service for victims of these breaches, we have gathered and normalized most of the publicly available breaches and could assess nearly one billion credentials. Apart from our security awareness service, the large amount of real world credentials allows to create comprehensive and realistic password statistics. In this paper, we introduce multiple comprehensive statistics on the use of passwords based on the gathered data. We especially focus on the often mentioned, but rarely researched, issue of password reuse and reveal the regional differences in password selection. We are confident that the analysis of such a large amount of real-life credentials is novel to existing studies on passwords, which were limited to thousands or a few million credentials, at most. For the first time, a realistic view on password reuse can be given.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=qdycF4j3Ux0 Project page: https://sec.hpi.de/leak-checker/search