While teaching a class today, I got the idea to check my date of birth against the [https://haveibeenpwned.com/](https://haveibeenpwned.com/?fbclid=IwZXh0bgNhZW0CMTAAAR3PJjsnGJbgrUQUHOSeeTQNSi-uBLzLWjxHIwsZkgjrucKd0WhRKChMaug_aem_gnmqY8_OkOzZMtaV5MMY5Q) database of documented password leaks from around the internet to demonstrate how bad a date is as a password. Seeing thousands of hits for my birthday, I checked around and found it was particularly bad. So, I decided to pull the entire dataset, find find every date in the last 100 years, and search for trends. It turns out my birth year, 1986, is the worst year on record for this. Presumably the peak combination of being on the internet frequently and for a long time?
If you normalize popularity by year and find the true outliers, you probably end up with a slight bias against the mm-dd-yyyy parts of the world (which we deserve, because it’s bad!), but given how connected we are, it should balance out. It’s the overall headcount that I think must drive it, as all-time popular dates seem to have a bias towards Asia. It’s hard to say though – roughly 2/3 of the top 100 don’t seem to be noteworthy dates, perhaps just bubbling up due to noise in unpopular years. Of the remaining, we have:
* 4 Births: Elvis Presley, Che Guevara, Gandhi Jayanti, and Adolf Hitler
* 8 Holidays: 2x Taiwan National Day (Double Ten Day), 1x Chinese New Year, 1x Christmas Day, 3x New Year’s Day, and 1x New Year’s Eve
* 4 Political: Anschluss of Austria by Nazi Germany, Founding of the People’s Liberation Army (China), Founding of the People’s Republic of China, and the Xi’an Incident (Chinese political crisis)
* 3 Cultural: Opening of 2008 Beijing Olympics, Closing of 2022 Beijing Olympics, release of the movie Oppenheimer
* 2 Violence: 1998 US Embassy bombings, Delhi gang rape
* 11 War: Attack on Pearl Harbor, US declaration of war on Japan, Chinese intervention in Korean War, D-Day, Germany invades Poland, Marco Polo Bridge Incident (start of second Sino-Japanese war), Mukden Incident (start of Japanese invasion of Manchuria), start of the Nanking massacre, Victory Day in Europe, Victory Day over Japan
Well, I thought it was interesting!
Tools used:
* [haveibeenpwned-downloader](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader) to source the data
* C# to generate SHA1 hashes of dates and search the data for matching records
* Excel to explore the data and create visualizations
* ChatGPT o1 to flag dates plausibly made popular as passwords due to by major world events
I think I understand but isn’t the title completely off?
![[OC] Number of data breaches containing passwords based on dates in yyyymmdd format](https://www.europesays.com/wp-content/uploads/2024/12/gpzr4li0e65e1-1920x1024.png)
2 comments
While teaching a class today, I got the idea to check my date of birth against the [https://haveibeenpwned.com/](https://haveibeenpwned.com/?fbclid=IwZXh0bgNhZW0CMTAAAR3PJjsnGJbgrUQUHOSeeTQNSi-uBLzLWjxHIwsZkgjrucKd0WhRKChMaug_aem_gnmqY8_OkOzZMtaV5MMY5Q) database of documented password leaks from around the internet to demonstrate how bad a date is as a password. Seeing thousands of hits for my birthday, I checked around and found it was particularly bad. So, I decided to pull the entire dataset, find find every date in the last 100 years, and search for trends. It turns out my birth year, 1986, is the worst year on record for this. Presumably the peak combination of being on the internet frequently and for a long time?
If you normalize popularity by year and find the true outliers, you probably end up with a slight bias against the mm-dd-yyyy parts of the world (which we deserve, because it’s bad!), but given how connected we are, it should balance out. It’s the overall headcount that I think must drive it, as all-time popular dates seem to have a bias towards Asia. It’s hard to say though – roughly 2/3 of the top 100 don’t seem to be noteworthy dates, perhaps just bubbling up due to noise in unpopular years. Of the remaining, we have:
* 4 Births: Elvis Presley, Che Guevara, Gandhi Jayanti, and Adolf Hitler
* 8 Holidays: 2x Taiwan National Day (Double Ten Day), 1x Chinese New Year, 1x Christmas Day, 3x New Year’s Day, and 1x New Year’s Eve
* 4 Political: Anschluss of Austria by Nazi Germany, Founding of the People’s Liberation Army (China), Founding of the People’s Republic of China, and the Xi’an Incident (Chinese political crisis)
* 3 Cultural: Opening of 2008 Beijing Olympics, Closing of 2022 Beijing Olympics, release of the movie Oppenheimer
* 2 Violence: 1998 US Embassy bombings, Delhi gang rape
* 11 War: Attack on Pearl Harbor, US declaration of war on Japan, Chinese intervention in Korean War, D-Day, Germany invades Poland, Marco Polo Bridge Incident (start of second Sino-Japanese war), Mukden Incident (start of Japanese invasion of Manchuria), start of the Nanking massacre, Victory Day in Europe, Victory Day over Japan
Well, I thought it was interesting!
Tools used:
* [haveibeenpwned-downloader](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader) to source the data
* C# to generate SHA1 hashes of dates and search the data for matching records
* Excel to explore the data and create visualizations
* ChatGPT o1 to flag dates plausibly made popular as passwords due to by major world events
I think I understand but isn’t the title completely off?
Comments are closed.