Mandy, a lovely and talented young coder, has just finished work on one of the graphics components for our company software. She wanders over to the test server to validate her changes. She hits Ctrl-Alt-Delete, types in her password and logs on.
“Hey!”, Mandy exclaims after a few minutes. “This isn’t my account.”
“Hm?”, I ask.
“This isn’t my account. OMG someone must have the same password as me!”
“Did you not change your default password?”
“Yeah I did”, she says.
“Maybe it’s like the birthday paradox?”, I suggest.
“If you have a group of 23 people, there is a 50% chance of two of them sharing the same birthday. Maybe it’s the same with passwords”.
“Hm, well this is really weird”, she says as she finishes her work.
I ponder what the probability is of two people in a company sharing the same password.
Let’s assume everyone is using a random 8-character password.
- There are 94 possible characters available on a standard keyboard, namely [a-zA-Z0-9] and punctuation.
- If I use a random 8-character password, the chance of anyone guessing that password is:
- Now, using the birthday paradox principle, the chance of anyone sharing a password in a group, where n = size of the group and s = 6,095,689,385,410,816, is:
Of course, anything higher than 100! is representative of more atoms than there are in the known universe. So asking bc to compute the above probability for n=50 and q=1/94^8 is like asking George Bush to integrate ln(2x^2).
Fortunately, we can approximate this using the Taylor series:
And still, even in a company the size of Microsoft, the probability of any two employees sharing a random 8-character password is stupendously small.
Mandy shared hers with her cube-mate, so I can only assume her password must have been ‘p@ssw0rd’, ‘Passw0rd’, or ‘mandyiscool’.
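The calculation above, carried through as an added example that is not part of the original post: it computes the shared-password probability in log space (no factorials), compares it with the usual exponential approximation, and goes one step further with a non-uniform case. The 200,000 headcount and the "20% of users pick one of 100 common passwords" model are constructed assumptions.

```python
import math

# Password space from the post: 94 keyboard characters, 8 positions.
SPACE = 94 ** 8  # 6,095,689,385,410,816

def p_shared_exact(n, s=SPACE):
    """P(at least two of n users share a password), each chosen uniformly from s.

    Evaluates 1 - prod_{k=1}^{n-1} (1 - k/s) as a sum of logs, so no
    factorials are needed and tiny probabilities do not round to zero.
    """
    if n > s:
        return 1.0  # pigeonhole: more users than passwords
    log_all_distinct = sum(math.log1p(-k / s) for k in range(1, n))
    return -math.expm1(log_all_distinct)

def p_shared_approx(n, s=SPACE):
    """Exponential approximation 1 - exp(-n(n-1)/(2s)), from ln(1-x) ~ -x."""
    return -math.expm1(-n * (n - 1) / (2 * s))

def p_shared_skewed(n, popular_fraction, popular_count, s=SPACE):
    """Approximate collision probability when choices are not uniform.

    Assumed model (constructed): each user picks one of `popular_count`
    common passwords with probability `popular_fraction`, else a uniformly
    random one. Uses the approximation 1 - exp(-C(n,2) * sum(p_i^2)).
    """
    p_popular = popular_fraction / popular_count + (1 - popular_fraction) / s
    p_other = (1 - popular_fraction) / s
    pair_match = popular_count * p_popular**2 + (s - popular_count) * p_other**2
    return -math.expm1(-math.comb(n, 2) * pair_match)

def users_for_even_odds(s=SPACE):
    """Approximate group size at which a shared password is a coin flip."""
    return math.ceil(math.sqrt(2 * s * math.log(2)))

if __name__ == "__main__":
    for n in (50, 200_000):  # 200,000 is an assumed large-company headcount
        print(f"n={n:>7}: exact={p_shared_exact(n):.3e} "
              f"approx={p_shared_approx(n):.3e}")
    print("users for 50% odds:", users_for_even_odds())
    print("n=50, 20% choosing among 100 common passwords:",
          round(p_shared_skewed(50, 0.20, 100), 3))
```

With truly random passwords the group would need to be in the tens of millions before a match becomes likely; under the skewed model a 50-person office already has a substantial chance of one.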
DISCLAIMER: This post is fictional. Any resemblances to real-life characters are coincidental.