
How Secure is Your Password? An Analysis of E-Commerce Passwords and their Crack Time




Journal of Information System Security
Volume 2, Number 3 (2006)
Pages 69-82
ISSN 1551-0123
Joseph A. Cazier — Appalachian State University, USA
B. Dawn Medlin — Appalachian State University, USA
Information Institute Publishing, Washington DC, USA




The purpose of this paper is to examine passwords created by end-users in relation to length, strength, and crack times. Examination of these passwords illustrates the connection between password length and strength, and the need to educate users about the importance of their password choices. Through an empirical analysis of actual user passwords from a commercial website, this paper examines whether the passwords created by individuals on an e-commerce site follow “good” or “bad” password practices. Additionally, this paper addresses the issue of crack times (the time it takes to ‘crack’ a password) in relation to password choice. The results of this study show the actual password practices of current consumers and should indicate to both organizations and end-users the need for further education and for more secure password choices. Almost a third of passwords were cracked in less than one minute and lacked basic features that should be in any secure password.




Passwords, Security, Hacking, Cracking, Password Cracking



