
Comparing Human and Osirium Generated Passwords

It was a run of John the Ripper that sparked off this exercise: we were checking the quality of Osirium generated passwords and were surprised at some of the human passwords it cracked. Since we’re a security company many of our passwords are quite obtuse!

We think that the main issue is that humans have to use their brains to recall a password, whereas Osirium has its secure database. The brain wants some sort of pattern it can lock onto, and it would appear that these patterns translate into rainbow lists very well.

Here are the two heat maps that we generated. Bear in mind that Osirium will create the longest password that a device or system will allow, whereas a human often goes for the minimum a system policy will allow, so there are more characters in the Osirium sample set. The human passwords were taken from one of the recent breaches of a social media site.

Human Passwords

Osirium Passwords


Obviously we were pleased to find that John the Ripper didn’t crack any of the Osirium Generated Passwords. We can infer from the heat maps that:

  • Humans invent short passwords that contain dictionary words.
  • Many human passwords start with a lowercase ‘a’.
  • For humans, vowels are popular, particularly as the first character. ‘2’ is their most popular digit.
  • Human passwords rarely exceed 10 characters.
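
The per-position character counts behind heat maps like these can be reproduced in a few lines. This is an added example, not Osirium's code: the human sample is constructed for illustration, and `generate` assumes a uniform random generator over printable ASCII, which the article does not specify.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample for illustration only; not taken from any breach.
HUMAN_SAMPLE = ["apple2", "andrew12", "autumn22", "elephant", "orange2",
                "island21", "summer12", "amber2002", "banana", "angel123"]

def generate(length, count):
    """Uniformly random passwords from a CSPRNG (assumed generator model)."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(length))
            for _ in range(count)]

def position_heatmap(passwords):
    """Heat-map data: grid[position][character] -> number of passwords."""
    grid = {}
    for pw in passwords:
        for pos, ch in enumerate(pw):
            grid.setdefault(pos, Counter())[ch] += 1
    return grid

def hottest_cell(passwords):
    """(position, character, share of passwords) for the brightest cell."""
    grid = position_heatmap(passwords)
    pos, (ch, n) = max(((p, c.most_common(1)[0]) for p, c in grid.items()),
                       key=lambda item: item[1][1])
    return pos, ch, n / len(passwords)

def summarize(passwords):
    """The statistics the article reads off its heat maps."""
    first = position_heatmap(passwords)[0]
    digits = Counter(ch for pw in passwords for ch in pw if ch.isdigit())
    vowel_first = sum(n for ch, n in first.items() if ch.lower() in "aeiou")
    return {
        "max_length": max(map(len, passwords)),
        "top_first_char": first.most_common(1)[0][0],
        "vowel_first_share": vowel_first / len(passwords),
        "top_digit": digits.most_common(1)[0][0] if digits else None,
    }

if __name__ == "__main__":
    for label, sample in (("human", HUMAN_SAMPLE),
                          ("generated", generate(32, 2000))):
        print(label, summarize(sample), hottest_cell(sample))
```

A password policy audit can run the same summary over its own generator's output: any cell holding far more than 1/len(ALPHABET) of the samples marks a pattern a cracking wordlist or mask can exploit.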
