Abstract or Summary:
This paper describes 6226 user-selected passwords that were used to authenticate 7014 computer user identities on a university timesharing system in use during the spring semester of 1987. The emphasis here is not on the critically important extrinsic attribute of the secrecy of the password, but on the intrinsic attributes -- what do passwords look like? The analysis confirms what many feel they already know -- that left to their own, users select passwords that are simple, easy to remember, based on personal vitae or clues, or job or project related. Our access to the set of passwords forming the database for this paper is a unique, one-time event. The value of this exercise is, we believe, to further specify what passwords are chosen in the absence of any controls. Later in the article, we examine the intersection of these timesharing passwords and those known to have been used to access and infest the Internet systems.