Date of Award

2026

Document Type

Thesis

Degree Name

Bachelor of Science

Department

Computer Science

First Advisor

Dr. Douglas Szajda

Abstract

Passwords remain a critical part of almost every account security system. As a result, password guessing attacks remain one of the most widespread yet profitable attacks possible. Setting a password resistant to attacks is thus an important task for account holders. In this paper, we use the RockYou2024 database, a collection of approximately 10 billion real-world passwords collected from data breaches, to analyze the characteristics of passwords found in real life. We start with basic statistical property analysis, such as length, distribution of digits and symbols, and proceed onto more complicated properties such as frequencies of combinations of characters, entropy analysis, and edit distance clustering. Through these experiments, we find patterns shared across many passwords despite them being unique in the dataset, such as the distribution of types of characters. These patterns allow us to predict how an adversary might mount a password-guessing attack if given this dataset.

Download

Share

COinS