In a recent development, the research team at Specops Software has unveiled their latest findings on the usage of keyboard walk patterns in compromised passwords. Their research has identified the top keyboard walk pattern found in compromised passwords to be ‘qwert’, followed closely by ‘qwerty’, which was discovered in compromised passwords more than 1 million times.
For those unfamiliar with the term, keyboard walk patterns refer to passwords that consist of keys located adjacent to each other on a user’s keyboard. In order to obtain these results, the Specops team analyzed a subset of 800 million passwords from the largest Breached Password Protection database, which comprises a total of over three billion breached passwords.
To conduct their research, the Specops team used a generator to compile a list of common keyboard walk patterns. The team specifically focused on patterns that consisted of five or more characters, as well as phrases that deviated from standard language. The words generated were derived from three commonly used Latin alphabet keyboard layouts, which include Qwerty (common in America and various regions in Europe with slight modifications), Azerty (predominantly utilized in France and Belgium), and Qwertz (widely employed in Germany and other Central European countries).
The most prevalent Querty keyboard walk pattern discovered in compromised passwords was ‘qwerty’, appearing over 1 million times throughout the dataset. Following closely were ‘qwert’, ‘werty’, and ‘asdfg’. In terms of Azerty keyboard walk patterns, the top three findings were ‘xcvbn’ (found over 143,000 times), ‘asdfg’, and ‘tress’. Similarly, within the Qwertz keyboard layout, the top three walk patterns were ‘qwert’ (observed over 1.4 million times), ‘asdfg’, and ‘xcvbnm’.
Darren James, Senior Product Manager at Specops Software, commented on the research findings by stating, “We find keyboard walk patterns in compromised password data because users are human. But the danger is that attackers also know this.” James added, “Any IT team aiming to strengthen their defense against this prevalent password behavior would be wise to block these specific patterns. Moreover, smarter IT teams would take it a step further and ensure the blocking of any known compromised passwords.”
Specops Software advises organizations to employ tools that can detect compromised passwords within their networks as a means of protection against security breaches. In a previous report released earlier this year, Specops Software presented the 2023 Weak Password Report, which revealed that approximately 83% of compromised passwords meet the length and complexity requirements established by regulatory password standards.
This research serves as a crucial reminder for individuals and organizations alike to exercise caution when creating passwords and to avoid easily guessable patterns. With hackers becoming increasingly sophisticated, it is essential to prioritize the use of strong, unique passwords that adhere to recommended security practices. By implementing robust password management strategies, individuals and organizations can significantly reduce the risk of being compromised by cyberattacks.