Security and characteristics of Japanese user-created passwords: a comprehensive analysis

Abstract Passwords remain the most widely used authentication method and play a critical role in maintaining practical security. Previous research has highlighted the influence of linguistic factors on the strength of user-created passwords, demonstrating that evaluating passwords created by users speaking languages other than English requires specific contextual knowledge. Despite this, no prior studies have specifically investigated the passwords of Japanese users. This paper presents the first study of the characteristics of Japanese user-created passwords across websites offering five types of services. Using a dataset of 48.5 million real-world leaked passwords, we conduct a comprehensive analysis of various aspects of password behavior. Our findings reveal several unique characteristics of Japanese web passwords. For instance, Japanese passwords exhibit greater dispersion compared to those of English and Chinese users, with keyboard-walk patterns being particularly prevalent among the most frequently used passwords. To address these findings, we propose a suggestion for helping users improve their password selection strategies. The experimental results demonstrate that the suggestion led to 82.15% and 93.88% of passwords being strengthened as evaluated by two effective PSMs, and reduced the cracking success rate of PCFG-guesser by up to 56.12%.