i was recently asked to do a presentation for a local conference. i like coming up with new things to research and investigate and decided to pursue passwords (and how bad they are). below is my presentation and code for the talk:

title: passwords: you can’t do it right

description: some say you’re doing it wrong. i argue you can’t do it right (but some do it better than others). see how ineffective passwords are at protecting your accounts and ways of decreasing the chance of anyone using your passwords to achieve total domination.

 

#!/usr/bin/python
#
# password_stats_03.py

import re
import sys

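# Character-class buckets, tested in this order; the first pattern that matches
# wins, so an all-lowercase password is never also counted as "alpha mixed".
# Labels double as the left-hand column of the report.
_COMPLEXITY_CLASSES = (
    ('all numeric          ', re.compile(r"^[0-9]+$")),
    ('all alpha lower', re.compile(r"^[a-z]+$")),
    ('all alpha upper', re.compile(r"^[A-Z]+$")),
    ('all alpha mixed', re.compile(r"^[a-zA-Z]+$")),
    ('alpha lower & numeric', re.compile(r"^[a-z0-9]+$")),
    ('alpha upper & numeric', re.compile(r"^[A-Z0-9]+$")),
    ('alpha mixed & numeric', re.compile(r"^[a-zA-Z0-9]+$")),
)
_EVERYTHING_ELSE = 'everything else'

# The length table lists 0..30 characters; longer passwords are still counted
# in every other section but get no row of their own.
_MAX_REPORTED_LENGTH = 30

# The report promises the ten most common passwords.
_TOP_PASSWORDS = 10

_USAGE = """
    password stats 0.03
    usage: password_stats_03.py <password_file>
    """


def classify_password(password):
    """Return the complexity label of *password* (line ending already removed)."""
    for label, pattern in _COMPLEXITY_CLASSES:
        if pattern.search(password):
            return label
    return _EVERYTHING_ELSE


def percent_of(part, whole):
    """Return part/whole as a percentage, or 0.0 when *whole* is zero."""
    if not whole:
        # An empty password file must not abort the report with ZeroDivisionError.
        return 0.0
    return (float(part) / float(whole)) * 100


def collect_stats(lines):
    """Tally length, complexity class and frequency for every password line.

    Args:
        lines: iterable of strings, one password per line (an open file works).

    Returns:
        (total, length_counts, class_counts, password_counts) where the three
        dicts map length -> count, complexity label -> count and
        password -> count.
    """
    total = 0
    length_counts = {}
    class_counts = dict((label, 0) for label, _ in _COMPLEXITY_CLASSES)
    class_counts[_EVERYTHING_ELSE] = 0
    password_counts = {}

    for line in lines:
        # Drop the line terminator before measuring: counting it made every
        # length one too long, mis-measured a final line without a newline and
        # pushed every CRLF-terminated password into "everything else".
        password = line.rstrip("\r\n")
        total += 1
        length = len(password)
        length_counts[length] = length_counts.get(length, 0) + 1
        label = classify_password(password)
        class_counts[label] += 1
        # Count occurrences in the same pass instead of calling list.count()
        # once per unique password, which is quadratic on large dumps.
        password_counts[password] = password_counts.get(password, 0) + 1

    return total, length_counts, class_counts, password_counts


def format_report(total, length_counts, class_counts, password_counts):
    """Render the statistics from collect_stats() as a list of output lines."""
    unique = len(password_counts)
    report = [
        "",
        'all passwords\t\t= ' + str(total),
        'unique passwords\t= ' + str(unique)
        + "\t\t%% %.02f" % percent_of(unique, total),
        "",
        'password length(s): ',
    ]

    for length in range(_MAX_REPORTED_LENGTH + 1):
        seen = length_counts.get(length, 0)
        report.append(str(length) + " char\t =>\t " + str(seen)
                      + "\t\t%% %.02f" % percent_of(seen, total))

    report.append("")
    report.append("password complexity: ")
    # Walk the labels in a fixed order. Keying a dict by the counts themselves
    # silently dropped every class that shared a count with another one.
    labels = [label for label, _ in _COMPLEXITY_CLASSES] + [_EVERYTHING_ELSE]
    class_total = 0
    for label in labels:
        seen = class_counts.get(label, 0)
        class_total += seen
        report.append("%s \t\t " % label + str(seen)
                      + "\t%% %.02f" % percent_of(seen, total))
    report.append("sum\t\t\t\t " + str(class_total))
    report.append("")

    report.append("most common passwords:")
    # Most frequent first; ties are broken alphabetically so runs are repeatable.
    ranked = sorted(password_counts.items(),
                    key=lambda entry: (-entry[1], entry[0]))
    for password, seen in ranked[:_TOP_PASSWORDS]:
        # Short passwords need one more tab to keep the count column aligned.
        gap = "\t\t\t" if len(password) < 6 else "\t\t"
        report.append("password: " + password + gap + "count: " + str(seen))

    return report


def main(argv):
    """Print password statistics for the file named in argv[1].

    The input file and the "most common passwords" section of the output both
    contain plaintext passwords: handle the report with the same care as the
    dump itself and keep it out of shared logs or tickets.
    """
    if len(argv) != 2:
        print(_USAGE)
        sys.exit(1)

    # NOTE: under Python 3 the file is decoded with the locale's default
    # encoding; dumps with mixed encodings may need an explicit one.
    with open(argv[1], 'r') as file_passwords_all:
        stats = collect_stats(file_passwords_all)

    for line in format_report(*stats):
        print(line)


if __name__ == "__main__":
    main(sys.argv)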