Password Paradox

Mandy, a lovely and talented young coder has just finished work on one of the graphics components for our company software. She wanders over to the test server to validate her changes. She hits Ctrl-Alt-Delete, types in her password and logs on.

“Hey!”, Mandy exclaims after a few minutes. “This isn’t my account.”

“Hm?”, I ask.

“This isn’t my account. OMG someone must have the same password as me!”

“Did you not change your default password?”

“Yeah I did”, she says.

“Maybe it’s like the birthday paradox?”, I suggest.

“The what?”

“If you have a group of 23 people, there is a 50% chance of two of them sharing the same birthday. Maybe it’s the same with passwords”.

“Hm, well this is really weird”, she says as she finshes her work.

I ponder what the probability is of two people in a company sharing the same password.

Let’s assume everyone is using a random-8-digit password.

  • There are 94 possible characters available on a standard keyboard, namely [a-zA-Z0-9] and punctuation.
  • If I use a random 8-character password, the chances of anyone quessing that password is:Probability of guessing a random 8-character password
  • Now, using the birthday paradox principle, the chances of anyone sharing a password in a group, where n = size of the group and s=6,095,689,385,410,816 is:
  • Applying the birthday paradox

Of course anything higher than 100!, is representative of more atoms than there are in the known universe. So, asking bc to compute the above probability for n=50, and q=1/94^8 is like asking George Bush to integrate ln(2x^2).

Fortunately, we can approximate this using the Taylor series:

Approximating

And still even in a company the size of Microsoft the probability of any two employees sharing a random 8-character password is stupendously small.

Mandy shared hers with her cube-mate, I can only assume her password must have been ‘p@ssw0rd’, ‘Passw0rd’, or ‘mandyiscool’.

DISCLAIMER: This post is fictional. Any resemblances to real-life characters are coincidental.

This entry was posted in IT and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.