The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago. The format of the list is a standard text file sorted in non-case-sensitive alphabetical order. Lines are separated with a newline " " character. You can test the list without downloading it by giving SHA256 hashes to the free hash cracker or to @PlzCrack on twitter. Here s a tool for computing hashes easily. Here are the results of cracking LinkedIn s and eHarmony s password hash leaks with the list. The list is responsible for cracking about 30% of all hashes given to CrackStation s free hash cracker, but that figure should be taken with a grain of salt because s

This is a dataset containing all the major data breaches in the world from 2004 to 2021

As we know, there is a big issue related to the privacy of our data. Many major companies in the world still to this day face this issue every single day. Even with a great team of people working on their security, many still suffer. In order to tackle this situation, it is only right that we must study this issue in great depth and therefore I pulled this data from Wikipedia to conduct data analysis. I would encourage others to take a look at this as well and find as many insights as possible.

This data contains 5 columns: 1. Entity: The name of the company, organization or institute 2. Year: In what year did the data breach took place 3. Records: How many records were compromised (can include information like email, passwords etc.) 4. Organization type: Which sector does the organization belong to 5. Method: Was it hacked? Were the files lost? Was it an inside job?

Here is the source for the dataset: https://en.wikipedia.org/wiki/List_of_data_breaches

Here is the GitHub link for a guide on how it was scraped: https://github.com/hishaamarmghan/Data-Breaches-Scraping-Cleaning

Image

https://www.googleapis.com/download/storage/v1/b/kaggle-user-content/o/inbox%2F1842206%2Ff29f742e3d48f66bf0eccf60abf631d1%2Frockyo2.png?generation=1720539563047126&alt=media" alt="">

Kaggle Previous Version of RockYou.txt

https://www.googleapis.com/download/storage/v1/b/kaggle-forum-message-attachments/o/inbox%2F1842206%2F0e4b20e3662c065318f7feefb42ef785%2Foriginal.png?generation=1720578063663708&alt=media" alt="">

The original RockYou.txt dataset was uploaded by @wjburns 5 years ago, with 95K downloads and 640 upvotes, which means Kaggle allows this type of data for research and educational purposes.

Files

I separated the single 160GB txt file into smaller files with filenames based on first character to make it easier to utilize for those with less powerful machines.

• letters (A-Z)
• digits (0-9)
• dollarsymbol ($)
• symbols (other symbols)
• others (those that cant be categorized by any of those above)

Note

• The original 160GB file was written with an encoding of utf8, I used the same encoding for the files above.
• The contents of the files above are UNSORTED
• The contents are NOT DEDUPLICATED

History

• https://en.wikipedia.org/wiki/RockYou

Everyone involved with Capture The Flag (CTF) has used the infamous rockyou.txt wordlist at least once, mainly to perform password cracking activities. The file is a list of 14 million unique passwords originating from the 2009 RockYou hack making a piece of computer security history. The “rockyou lineage” has evolved over the years.

https://www.youtube.com/watch?v=0_mQACSn6XM" alt="">

RockYou2024.txt

With the 2021 version we touched high numbers but with the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user “ObamaCare” . This new version added 1.5 billion of records to the 2021 version reaching the 10 billions records. A wordlist can potentially be used for a multitude of tasks and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user have not specified the nature of the additional records but punctualize the new data comes from recent leaked databases.

From The New RockYou2024 Collection has been published!

Source

I got it from https://github.com/hkphh/rockyou2024.txt, but it was originally shared by a certain aka ObamaCare which I don't have any affiliation nor association with.

Original TxtFile

In case you'd like to process the RockYou2024.txt yourself, you can find it here ❗Original RockYou2024.txt zip file

Strong Passwords Only

In case you'd like to see only the "Strong Passwords", you can find it here ❗180 Million "Strong Passwords" in RockYou2024.txt

Cover Image

Generated with Bing Image Generator

The password management market was valued at slightly above * billion U.S. dollars in 2022 and was expected to exceed * billion U.S. dollars in revenue by 2025. However, the past few years have seen the emergence of new and more secure authentication methods such as passwordless security or multi-factor authentication. Despite the instability that password security currently has, it remains the most used security method worldwide to grant access to company infrastructure. Password security When it comes to online credentials storage habits in 2021, the most common method is still to remember them by heart or write them down on paper. It is no wonder that individuals find it more challenging to keep track of all their online accounts nowadays. Consequently, people tend to reuse the same credentials when creating new online accounts in order to make passwords easier to remember. In 2021, the most frequent password encountered over a 45-day period across the Internet of Things (IoT) devices was admin, used nearly ** million times. Multi-factor authentication (MFA) Simply put, MFA grants the user access to a website or application only after successfully presenting at least * pieces of evidence that could identify the user to an authentication mechanism. Depending on the desired security level, MFA can provide several authentication types. One of the most common types of MFA used by companies worldwide is an SMS code or a one-time password (OTP). In 2021, Philippines registered the highest increase in MFA volume, at over *** percent. By contrast, Israel’s MFA volume dropped by ** percent.

Explore the historical Whois records related to password-security.info (Domain). Get insights into ownership history and changes over time.

1 billion Yahoo! accounts were compromised in massive security breach. Yahoo is one of the most visited web platforms globally and remains a major hacking target.

Image

https://www.googleapis.com/download/storage/v1/b/kaggle-user-content/o/inbox%2F1842206%2F4a05853cd3e61cc5414534f8c8a82c32%2Fstrongpassword2.png?generation=1720631443593955&alt=media" alt="">

Description

I extracted all entries from the RockYou2024.txt with the following characteristics - Between 8 to 32 characters - Has at least one upper-case character - Has at least one small-case character - Has at least one digit - Has at least one punctuation mark

Note

• The contents per file are DEDUPLICATED
• The contents per file are SORTED
• White spaces between characters are INCLUDED

Kaggle Previous Version of RockYou.txt

https://www.googleapis.com/download/storage/v1/b/kaggle-forum-message-attachments/o/inbox%2F1842206%2F0e4b20e3662c065318f7feefb42ef785%2Foriginal.png?generation=1720578063663708&alt=media" alt="">

The original RockYou.txt dataset was uploaded by @wjburns 5 years ago, with 95K downloads and 640 upvotes, which means Kaggle allows this type of data for research and educational purposes.

Note

• The original 160GB file was written with an encoding of utf8, I used the same encoding for the files above.

History

• https://en.wikipedia.org/wiki/RockYou

Everyone involved with Capture The Flag (CTF) has used the infamous rockyou.txt wordlist at least once, mainly to perform password cracking activities. The file is a list of 14 million unique passwords originating from the 2009 RockYou hack making a piece of computer security history. The “rockyou lineage” has evolved over the years.

https://www.youtube.com/watch?v=0_mQACSn6XM" alt="">

RockYou2024.txt

With the 2021 version we touched high numbers but with the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user “ObamaCare” . This new version added 1.5 billion of records to the 2021 version reaching the 10 billions records. A wordlist can potentially be used for a multitude of tasks and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user have not specified the nature of the additional records but punctualize the new data comes from recent leaked databases.

From The New RockYou2024 Collection has been published!

Source

I got it from https://github.com/hkphh/rockyou2024.txt, but it was originally shared by a certain aka ObamaCare which I don't have any affiliation nor association with.

Variations of Dataset

• In case you'd like to process the RockYou2024.txt yourself, you can find it here ❗Original RockYou2024.txt zip file
• In case you'd like to download the contents segmentized by contents' first characters, you can find it here ❗RockYou2024.zip| 10 BILLION Common Passwords List For your Research and Analysis needs (160GB)

Reminder

Use responsibly

Cover Image

Generated with Bing Image Generator

WIFI-HANDSHAKE: Analysis of password patterns in Wi-Fi networks Adrian-Carballal, J. Pablo Galego-Carro, Nereida Rodriguez-Fernandez and Carlos Fernandez-Lozano PeerJ Computer Science

This paper seeks to provide a snapshot of the security of Wi-Fi access points in the metropolitan area of A Coruña. First, we discuss the options for obtaining a tool that allows the collection and storage of auditable information from Wi-Fi networks, from location to signal strength, security protocol or the list of connected clients. Subsequently, an analysis is carried out aimed at identifying password patterns in Wi-Fi networks with WEP, WPA and WPA2 security protocols. For this purpose, a password recovery tool called Hashcat was used to execute dictionary or brute force attacks, among others, with various word collections. The coverage of the access points in which passwords were decrypted is displayed on a heat map that represents various levels of signal quality depending on the signal strength. From the handshakes obtained, and by means of brute force, we will try to crack as many passwords as possible in order to create a targeted and contextualized dictionary both by geographical location and by the nature of the owner of the access point. Finally, we will propose a contextualized grammar that minimizes the size of the dictionary with respect to the most used ones and unifies the decryption capacity of the combination of all of them.

CITATION:

Carballal A, Galego-Carro JP, Rodriguez-Fernandez N, Fernandez-Lozano C. 2022. Wi-Fi Handshake: analysis of password patterns in Wi-Fi networks. PeerJ Computer Science 8:e1185 https://doi.org/10.7717/peerj-cs.1185

Login Data Set for Risk-Based Authentication

Synthesized login feature data of >33M login attempts and >3.3M users on a large-scale online service in Norway. Original data collected between February 2020 and February 2021.

This data sets aims to foster research and development for Risk-Based Authentication (RBA) systems. The data was synthesized from the real-world login behavior of more than 3.3M users at a large-scale single sign-on (SSO) online service in Norway.

The users used this SSO to access sensitive data provided by the online service, e.g., a cloud storage and billing information. We used this data set to study how the Freeman et al. (2016) RBA model behaves on a large-scale online service in the real world (see Publication). The synthesized data set can reproduce these results made on the original data set (see Study Reproduction). Beyond that, you can use this data set to evaluate and improve RBA algorithms under real-world conditions.

WARNING: The feature values are plausible, but still totally artificial. Therefore, you should NOT use this data set in productive systems, e.g., intrusion detection systems.

Overview

The data set contains the following features related to each login attempt on the SSO:

Feature	Data Type	Description	Range or Example
IP Address	String	IP address belonging to the login attempt	0.0.0.0 - 255.255.255.255
Country	String	Country derived from the IP address	US
Region	String	Region derived from the IP address	New York
City	String	City derived from the IP address	Rochester
ASN	Integer	Autonomous system number derived from the IP address	0 - 600000
User Agent String	String	User agent string submitted by the client	Mozilla/5.0 (Windows NT 10.0; Win64; ...
OS Name and Version	String	Operating system name and version derived from the user agent string	Windows 10
Browser Name and Version	String	Browser name and version derived from the user agent string	Chrome 70.0.3538
Device Type	String	Device type derived from the user agent string	(mobile, desktop, tablet, bot, unknown)1
User ID	Integer	Idenfication number related to the affected user account	[Random pseudonym]
Login Timestamp	Integer	Timestamp related to the login attempt	[64 Bit timestamp]
Round-Trip Time (RTT) [ms]	Integer	Server-side measured latency between client and server	1 - 8600000
Login Successful	Boolean	True: Login was successful, False: Login failed	(true, false)
Is Attack IP	Boolean	IP address was found in known attacker data set	(true, false)
Is Account Takeover	Boolean	Login attempt was identified as account takeover by incident response team of the online service	(true, false)

Data Creation

As the data set targets RBA systems, especially the Freeman et al. (2016) model, the statistical feature probabilities between all users, globally and locally, are identical for the categorical data. All the other data was randomly generated while maintaining logical relations and timely order between the features.

The timestamps, however, are not identical and contain randomness. The feature values related to IP address and user agent string were randomly generated by publicly available data, so they were very likely not present in the real data set. The RTTs resemble real values but were randomly assigned among users per geolocation. Therefore, the RTT entries were probably in other positions in the original data set.

• The country was randomly assigned per unique feature value. Based on that, we randomly assigned an ASN related to the country, and generated the IP addresses for this ASN. The cities and regions were derived from the generated IP addresses for privacy reasons and do not reflect the real logical relations from the original data set.

• The device types are identical to the real data set. Based on that, we randomly assigned the OS, and based on the OS the browser information. From this information, we randomly generated the user agent string. Therefore, all the logical relations regarding the user agent are identical as in the real data set.

• The RTT was randomly drawn from the login success status and synthesized geolocation data. We did this to ensure that the RTTs are realistic ones.

Regarding the Data Values

Due to unresolvable conflicts during the data creation, we had to assign some unrealistic IP addresses and ASNs that are not present in the real world. Nevertheless, these do not have any effects on the risk scores generated by the Freeman et al. (2016) model.

You can recognize them by the following values:

• ASNs with values >= 500.000

• IP addresses in the range 10.0.0.0 - 10.255.255.255 (10.0.0.0/8 CIDR range)

Study Reproduction

Based on our evaluation, this data set can reproduce our study results regarding the RBA behavior of an RBA model using the IP address (IP address, country, and ASN) and user agent string (Full string, OS name and version, browser name and version, device type) as features.

The calculated RTT significances for countries and regions inside Norway are not identical using this data set, but have similar tendencies. The same is true for the Median RTTs per country. This is due to the fact that the available number of entries per country, region, and city changed with the data creation procedure. However, the RTTs still reflect the real-world distributions of different geolocations by city.

See RESULTS.md for more details.

Ethics

By using the SSO service, the users agreed in the data collection and evaluation for research purposes. For study reproduction and fostering RBA research, we agreed with the data owner to create a synthesized data set that does not allow re-identification of customers.

The synthesized data set does not contain any sensitive data values, as the IP addresses, browser identifiers, login timestamps, and RTTs were randomly generated and assigned.

Publication

You can find more details on our conducted study in the following journal article:

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service (2022)
Stephan Wiefling, Paul René Jørgensen, Sigurd Thunem, and Luigi Lo Iacono.
ACM Transactions on Privacy and Security

Bibtex

@article{Wiefling_Pump_2022,
 author = {Wiefling, Stephan and Jørgensen, Paul René and Thunem, Sigurd and Lo Iacono, Luigi},
 title = {Pump {Up} {Password} {Security}! {Evaluating} and {Enhancing} {Risk}-{Based} {Authentication} on a {Real}-{World} {Large}-{Scale} {Online} {Service}},
 journal = {{ACM} {Transactions} on {Privacy} and {Security}},
 doi = {10.1145/3546069},
 publisher = {ACM},
 year  = {2022}
}

License

This data set and the contents of this repository are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. See the LICENSE file for details. If the data set is used within a publication, the following journal article has to be cited as the source of the data set:

Stephan Wiefling, Paul René Jørgensen, Sigurd Thunem, and Luigi Lo Iacono: Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service. In: ACM Transactions on Privacy and Security (2022). doi: 10.1145/3546069

1. Few (invalid) user agents strings from the original data set could not be parsed, so their device type is empty. Perhaps this parse error is useful information for your studies, so we kept these 1526 entries.↩︎

According to Cognitive Market Research, the global Mobile User Authentication market size is USD 1952.2 million in 2024. It will expand at a compound annual growth rate (CAGR) of 23.50% from 2024 to 2031.

North America held the major market share for more than 40% of the global revenue with a market size of USD 780.88 million in 2024 and will grow at a compound annual growth rate (CAGR) of 21.7% from 2024 to 2031.
Europe accounted for a market share of over 30% of the global revenue with a market size of USD 585.66 million.
Asia Pacific held a market share of around 23% of the global revenue with a market size of USD 449.01 million in 2024 and will grow at a compound annual growth rate (CAGR) of 25.5% from 2024 to 2031.
Latin America had a market share for more than 5% of the global revenue with a market size of USD 97.61 million in 2024 and will grow at a compound annual growth rate (CAGR) of 22.9% from 2024 to 2031.
Middle East and Africa had a market share of around 2% of the global revenue and was estimated at a market size of USD 39.04 million in 2024 and will grow at a compound annual growth rate (CAGR) of 23.2% from 2024 to 2031.
The Two-Factor Authentication held the highest Mobile User Authentication market revenue share in 2024.

Market Dynamics of Mobile User Authentication Market

Key Drivers for Mobile User Authentication Market

Surging Mobile Device Usage to Increase the Demand Globally

The pervasive use of smartphones and tablets has caused an urgent demand for robust authentication methods to safeguard non-public and expert facts. With those gadgets serving as relevant repositories for sensitive statistics, secure admission is vital to save you from unauthorized breaches. Biometric authentication, which includes fingerprint and facial reputation, has gained prominence for its reliability and comfort. Additionally, multi-aspect authentication (MFA) combining passwords with biometrics or OTP (one-time password) verification offers enhanced protection layers. As cellular gadgets continue to conform and combine deeper into daily activities, the development and adoption of stringent authentication protocols stay paramount to mitigate risks associated with data breaches and identity robbery, making sure customers can expectantly navigate their digital lives.

Growing Security Threats to Propel Market Growth

The escalation of cybercrime, encompassing phishing attacks and information breaches, underscores the critical need for robust cell authentication answers among both corporations and individuals. As smartphones and tablets increasingly save and get the right of entry to sensitive facts, they become prime objectives for malicious actors in search of unauthorized access. Effective cellular authentication strategies include biometric verification (along with fingerprint or facial popularity) and multi-element authentication (MFA), combining passwords with extra security layers like OTPs (one-time passwords) or hardware tokens. These measures help give a boost to defenses against evolving cyber threats, ensuring that entry to to non-public and enterprise data stays steady. Implementing and continuously updating these authentication answers are critical steps in mitigating dangers associated with the growing sophistication of cyberattacks in the modern-day interconnected digital landscape.

Restraint Factor for the Mobile User Authentication Market

Privacy Concern to Limit the Sales

The use of biometric facts for authentication functions has sparked an ongoing debate over privacy worries. While biometrics provide comfort and strong protection, storing sensitive non-public records inclusive of fingerprints or facial features on gadgets raises apprehensions among customers. The ability dangers consist of unauthorized get admission to biometric templates and the misuse of captured facts for identification theft or surveillance purposes. Additionally, there are issues about the permanence and irreversibility of biometric statistics as soon as compromised. To address those problems, builders, and policymakers suggest for stringent security features, encryption protocols, and transparent user consent rules. Balancing the advantages of biometric authentication with safeguarding personal privacy is essential in fostering the belief and adoption of these technologies in the digital age.

Impact of Covid-19 on the Mobile User Authentication Market

The COVID-19 pand...

Enterprise Single Sign On Market size was valued at USD 4 Billion in 2023 and is projected to reach USD 12 Billion by 2031, growing at a CAGR of 14% during the forecast period 2024-2031.

Global Enterprise Single Sign On Market Drivers

The market drivers for the Enterprise Single Sign On Market can be influenced by various factors. These may include:

Growing Cybersecurity Threats: The increase in cybersecurity threats significantly drives the Enterprise Single Sign-On (SSO) market. Organizations face rising incidents of data breaches, phishing attacks, and unauthorized access attempts. Single Sign-On solutions improve security by minimizing password fatigue and enhancing user authentication processes. By allowing users to access multiple applications with a single set of credentials, SSO reduces the risk of password-related vulnerabilities. Consequently, businesses are adopting SSO to bolster their cybersecurity defenses, simplify user management, and comply with regulations, ensuring that sensitive data is adequately protected while enhancing the overall user experience.

Increasing Need for Regulatory Compliance: Regulatory compliance is a crucial market driver for the Enterprise SSO sector. As organizations navigate a landscape of growing regulations such as GDPR, HIPAA, and PCI DSS, they are under pressure to enhance their data protection measures. SSO solutions facilitate compliance by ensuring secure access to sensitive information, allowing organizations to maintain tighter control over user identities and data access. These solutions enable businesses to implement consistent access controls and audit trails, which are vital for regulatory reporting and accountability. Consequently, enterprises are increasingly adopting SSO as a strategic approach to meet compliance obligations effectively.

Global Enterprise Single Sign On Market Restraints

Several factors can act as restraints or challenges for the Enterprise Single Sign On Market. These may include:

High Implementation Costs: The initial setup and implementation of enterprise single sign-on (SSO) solutions can be prohibitively expensive for many organizations. Costs typically involve licensing fees, integration expenses, and potential costs associated with upgrading existing infrastructure. Moreover, ongoing maintenance and support costs can add to the financial burden. Smaller enterprises, in particular, may find it challenging to justify the investment compared to their overall IT budgets. The high cost of deployment may deter these organizations from adopting SSO solutions, leading to limited market growth. This factor can inhibit the penetration of SSO technology, resulting in a slower adoption rate among potential users.

Complexity of Integration: Integrating SSO solutions into diverse IT environments can prove complex and challenging. Organizations often utilize multiple applications, systems, and services that are not inherently compatible with SSO technology. The need for custom integration and the potential for disruptions during implementation increases the complexity of deploying SSO systems. Additionally, legacy systems may require significant modifications, which can further complicate the integration process. This complexity can lead to project delays, increased resource allocation, and even project failures in some cases, discouraging organizations from adopting SSO solutions that could otherwise enhance security and user convenience.

Image

https://www.googleapis.com/download/storage/v1/b/kaggle-user-content/o/inbox%2F1842206%2Fd4dd9853c2214e89f179cfb72f85be9b%2Fhacker2.png?generation=1720601229197012&alt=media" alt="">

Kaggle Previous Version of RockYou.txt

https://www.googleapis.com/download/storage/v1/b/kaggle-forum-message-attachments/o/inbox%2F1842206%2F0e4b20e3662c065318f7feefb42ef785%2Foriginal.png?generation=1720578063663708&alt=media" alt="">

The original RockYou.txt dataset was uploaded by @wjburns 5 years ago, with 95K downloads and 640 upvotes, which means Kaggle allows this type of data for research and educational purposes.

Files

This is the original RockYou2024.txt file just Zipped and spliced into 11 parts.

History

• https://en.wikipedia.org/wiki/RockYou

Everyone involved with Capture The Flag (CTF) has used the infamous rockyou.txt wordlist at least once, mainly to perform password cracking activities. The file is a list of 14 million unique passwords originating from the 2009 RockYou hack making a piece of computer security history. The “rockyou lineage” has evolved over the years.

https://www.youtube.com/watch?v=0_mQACSn6XM" alt="">

RockYou2024.txt

With the 2021 version we touched high numbers but with the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user “ObamaCare” . This new version added 1.5 billion of records to the 2021 version reaching the 10 billions records. A wordlist can potentially be used for a multitude of tasks and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user have not specified the nature of the additional records but punctualize the new data comes from recent leaked databases.

From The New RockYou2024 Collection has been published!

Source

I got it from https://github.com/hkphh/rockyou2024.txt, but it was originally shared by a certain aka ObamaCare which I don't have any affiliation nor association with.

Cover Image

Generated with Bing Image Generator