A large-scale analysis of Wi-Fi passwords

Passwords remain the most common method of authentication in computers and networks. Thus, passwords have been the prime targets of attackers, and the number of data breaches in the last few years proves the high value of passwords. A detailed analysis of such data can provide insight on password trends and patterns users follow when they create a password. While there is a wealth of research investigating online password choices, to the best of our knowledge, there are no studies specifically designed to capture user behavior towards Wi-Fi passwords. In this paper, we perform a large-scale analysis of Wi-Fi passwords categorizing them as public Wi-Fi passwords created for Wi-Fi hotspots and private Wi-Fi passwords created for private/home Wi-Fi installations. First, we analyze public Wi-Fi passwords by collecting and analyzing a corpus of more than one million passwords of Wi-Fi hotspots. The aim of the analysis of public Wi-Fi passwords is to reveal password characteristics and compare them against web account passwords, to discover similarities and differences between them. While comparing the collected dataset with a set of popular leaked web password databases, several similarities between them can be identified, despite the fact that these password categories serve different purposes. Secondly, we explore through an online survey, the characteristics of passwords in private/home Wi-Fi installations. The aim is to give greater insight into private Wi-Fi password selection of users and highlight password trends when it comes to context, length, strength and architecture. Results reveal that users follow several poor security practices when selecting their private Wi-Fi passwords and tend to underestimate their importance with regards to their security and privacy. To the best of the authors' knowledge, this is the first work to examine Wi-Fi passwords characteristics and shed light on how users choose them in terms of structure and composition.