Passwords to absolutely avoid

Abstract

This paper describes the password habits of web users, particularly in Greece. A study was conducted online to ask users questions about the length of the password they use today, in how many web sites they use the same password, whether they use personal data while constructing their passwords and if they ever used as a password some of trivial words. They were also asked whether they reveal their password(s) to friends and/or family and if they ever realized that their password was exposed or revealed to an attacker and the measures they took after that. Additionally, an extended literature review about password habits and effectiveness regarding length and complexity is included. At the end of the paper, for first time in Greece, there is a list of the 100 passwords that Greek users should absolutely avoid using due to the ease of guessing or weak complexity, short length or simply because they exist in every dictionary used for password attacks in the wild.