An analysis view on password patterns of Chinese internet users

In December 2011, the National Computer Network Emergency Response Technical Team/Coordination Center of China reported the most serious user data leak in history which involved 26 databases with 278 million user accounts and passwords. After acquiring the user data from this massive information leak, this study has two major research purposes: the paper aims to reveal similarities and differences of password construction among four companies; and investigate how culture factors shape user password construction in China.

This article analyzed real‐life passwords collected from four companies by comparing the following attributes: password length, password constitution, top 20 frequent passwords, character frequency distributions, string similarity, and password reuse.

Major findings include that: general users in China have a weaker sense of security than those in Western countries, which reflected in the password lengths, the character combinations and the content structures; password constitution preferences are different between users in Western countries and in China, where passwords are more similar to the Pinyin context and Chinese number homonym; and password reuse is very common in China. General users tend to reuse the same passwords and IT professionals tend to engage in Seed Password reuse.

Due to the rapid growth of Internet users and e‐commerce markets in China, many online service providers may not pay enough attention to security issues, but focus instead on market expansion. Employees in these companies may not be well trained in information security, resulting in carelessness when handling security issues.

This is the first study which attempts to consider culture influences in password construction by analyzing real‐life datasets.