Skip to main content
Kent Academic Repository

PassViz: A Visualisation System for Analysing Leaked Passwords

Parker, Sam, Yuan, Haiyue, Li, Shujun (2024) PassViz: A Visualisation System for Analysing Leaked Passwords. In: Proceedings of the 2023 20th IEEE Symposium on Visualization for Cyber Security. . pp. 33-42. IEEE ISBN 979-83-503-1794-7. E-ISBN 979-83-503-1793-0. (doi:10.1109/VizSec60606.2023.00011) (KAR id:102913)


Passwords remain the most widely used form of user authentication, despite advancements in other methods. However, their limitations, such as susceptibility to attacks, especially weak passwords defined by human users, are well-documented. The existence of weak human-defined passwords has led to repeated password leaks from websites, many of which are of large scale. While such password leaks are unfortunate security incidents, they provide security researchers and practitioners with good opportunities to learn valuable insights from such leaked passwords, in order to identify ways to improve password policies and other security controls on passwords. Researchers have proposed different data visualisation techniques to help analyse leaked passwords. However, many approaches rely solely on frequency analysis, with limited exploration of distance-based graphs. This paper reports PassViz, a novel method that combines the edit distance with the t-SNE (t-distributed stochastic neighbour embedding) dimensionality reduction algorithm for visualising and analysing leaked passwords in a 2-D space. We implemented PassViz as an easy-to-use command-line tool for visualising large-scale password databases, and also as a graphical user interface (GUI) to support interactive visual analytics of small password databases. Using the “000webhost” leaked database as an example, we show how PassViz can be used to visually analyse different aspects of leaked passwords and to facilitate the discovery of previously unknown password patterns. Overall, our approach empowers researchers and practitioners to gain valuable insights and improve password security through effective data visualisation and analysis.

Item Type: Conference or workshop item (Paper)
DOI/Identification number: 10.1109/VizSec60606.2023.00011
Subjects: N Visual Arts > N Visual arts (General). For photography, see TR
Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.76 Computer software > QA76.76.I59 Interactive media, hypermedia
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.9.H85 Human computer interaction
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Funders: University of Kent (
Depositing User: Shujun Li
Date Deposited: 22 Sep 2023 20:53 UTC
Last Modified: 17 Feb 2024 09:55 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.