How Secure is your Password? An Analysis of E-Commerce Passwords And Their Crack Times

The purpose of this paper is to examine passwords that are created by endusers in relationship to length, strength, and crack times. Examinations of these passwords illustrate the connectivity between password length and strength and the need to educate users as to the importance of their password choices. Through an empirical analysis of actual user passwords from a commercial website, this paper examines whether the passwords created by individuals on an e-commerce site follow "good" or "bad" password practices. Additionally, this paper addresses the issue of crack times (the time it takes to ‘crack’ a password) in relationship to password choice. The results of this study show the actual password practices of current consumer’s use and should indicate to both organizations and endusers the need for further education and the need for more secure password choices. Almost a third of passwords were cracked in less than one minute, and lacked basic features that should be in any secure password.