
Comparing Human and Osirium Generated Passwords

It was a run of John the Ripper that sparked off this exercise: we were checking the quality of Osirium-generated passwords and were surprised at some of the human passwords it cracked. Since we’re a security company, many of our passwords are quite obscure!

We think the main issue is that humans have to use their brains to recall a password, whereas Osirium has its secure database. The brain wants some sort of pattern it can lock onto, and it would appear that these patterns translate into rainbow lists very well.

Here are the two heat maps that we generated. Bear in mind that Osirium will create the longest password that a device or system will allow, whereas a human often goes for the minimum a system policy will allow, so there are more characters in the Osirium sample set. The human passwords were taken from one of the recent breaches of a social media site.

[Heat map: Human Passwords]

[Heat map: Osirium Passwords]


Obviously we were pleased to find that John the Ripper didn’t crack any of the Osirium-generated passwords. We can infer from the heat maps that:

  • Humans invent short passwords that contain dictionary words.
  • Many human passwords start with a lowercase ‘a’.
  • For humans, vowels are popular, particularly as the first character. ‘2’ is their most popular digit.
  • Human passwords rarely exceed 10 characters.
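The per-position character counts behind a heat map like these can be computed as below. This is an added example, not Osirium's code: the `generate` function is a stand-in that assumes uniform random choice over printable ASCII, and `HUMAN_SAMPLE` is a constructed list, not breach data.

```python
import math
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def position_counts(passwords):
    """One Counter per character position: the grid a heat map is drawn from."""
    width = max((len(p) for p in passwords), default=0)
    grid = [Counter() for _ in range(width)]
    for pw in passwords:
        for pos, ch in enumerate(pw):
            grid[pos][ch] += 1
    return grid

def position_entropy(counter):
    """Shannon entropy, in bits, of the characters seen at one position."""
    total = sum(counter.values())
    if not total:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in counter.values())

def summarize(passwords):
    """Statistics matching the inferences drawn from the heat maps."""
    if not passwords:
        raise ValueError("need at least one password")
    grid = position_counts(passwords)
    digits = Counter(ch for pw in passwords for ch in pw if ch.isdigit())
    return {
        "top_first_char": grid[0].most_common(1)[0][0] if grid else None,
        "top_digit": digits.most_common(1)[0][0] if digits else None,
        "share_over_10": sum(len(p) > 10 for p in passwords) / len(passwords),
        "first_char_entropy": position_entropy(grid[0]) if grid else 0.0,
    }

def generate(n, length=24):
    """Stand-in generator (assumption): uniform random over printable ASCII."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(length)) for _ in range(n)]

# Constructed sample for illustration only, not taken from any breach.
HUMAN_SAMPLE = ["andrew12", "alice2", "apple22", "admin123",
                "ernie2", "oliver21", "summer2012", "password"]

if __name__ == "__main__":
    for label, sample in (("human", HUMAN_SAMPLE), ("generated", generate(2000))):
        print(label, summarize(sample))
```

A low first-character entropy and a small share of passwords over 10 characters are the same signals the human heat map shows visually.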
