The premise: Knowing a person's password history should provide information to help when guessing a new password of theirs.
At an extreme end, with a password history of wildcats2, I’d guess there is less than 1 bit of entropy in their next answer.
At the other extreme end, someone with randomly generated passwords would lose no information in their history. From an information-theoretic point of view, I imagine this is something we can estimate using the large amounts of password history data available in the world.
Somewhere in the middle, a history of “wildcats!Reddit”, “crazydogs!Facebook”, “locobirds!Stackexchange” would give me some good ideas for a Twitter password, and would greatly reduce the entropy of their hash. Of course, this would be related to the concept of password strength.
I’m not so well-read on security, but I assume my idea is not unique. Is there a name for this concept? Do we know any real-world values for the amount of information gained / entropy lost?
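As an added illustration (not part of the question or of any answer on the page), the following script models the two cases the question describes: a history that only bumps a trailing counter, and a history of the form word + separator + site name. It splits each old password into character-class runs, marks the site name as its own segment, derives the template the history shares, and then compares a naive keyspace estimate (every character drawn from the 95 printable ASCII characters) with the keyspace left once the fixed segments are known. The histories, the word list, the alphabet sizes and the bits model are all constructed for the example; the numbers it prints are what this toy model yields, not measured values from any real corpus.

```python
"""Toy estimate of how much a password history narrows the next guess.
Constructed example; the 'bits' model is a crude upper bound, not a
measurement from real password data."""
import math
import re
from itertools import product

# Alphabet size per character class, used for the 'informed' bound.
CLASS_SIZE = {"L": 26, "U": 26, "D": 10, "S": 33}
PRINTABLE = 95  # per-character keyspace for the 'no history' baseline


def char_class(c):
    if c.islower():
        return "L"
    if c.isupper():
        return "U"
    if c.isdigit():
        return "D"
    return "S"


def segments(password, site):
    """Split a password into (kind, text) runs of one character class.
    A run equal to the site name (case-insensitive) is labelled 'SITE'."""
    m = re.search(re.escape(site), password, re.IGNORECASE)
    if m:
        pieces = [(False, password[:m.start()]), (True, m.group(0)),
                  (False, password[m.end():])]
    else:
        pieces = [(False, password)]
    out = []
    for is_site, text in pieces:
        if not text:
            continue
        if is_site:
            out.append(("SITE", text))
            continue
        run = text[0]
        for c in text[1:]:
            if char_class(c) == char_class(run[-1]):
                run += c
            else:
                out.append((char_class(run[0]), run))
                run = c
        out.append((char_class(run[0]), run))
    return out


def shared_template(history):
    """history: list of (site, password). Returns the segment-by-segment
    template the entries share: ('fixed', text) when identical everywhere,
    ('site', None) for the site name, ('free', kind, max_len) otherwise.
    Returns None when the entries do not share a structure at all."""
    segs = [segments(pw, site) for site, pw in history]
    n = len(segs[0])
    if any(len(s) != n for s in segs):
        return None
    template = []
    for i in range(n):
        kinds = {s[i][0] for s in segs}
        if len(kinds) != 1:
            return None
        kind = kinds.pop()
        texts = {s[i][1] for s in segs}
        if kind == "SITE":
            template.append(("site", None))
        elif len(texts) == 1:
            template.append(("fixed", texts.pop()))
        else:
            template.append(("free", kind, max(len(s[i][1]) for s in segs)))
    return template


def bits(template, target_site):
    """(naive_bits, informed_bits): naive treats every character as one of
    95 printables; informed charges only the free segments, at
    len * log2(class size). Fixed and site segments cost nothing."""
    informed, length = 0.0, 0
    for seg in template:
        if seg[0] == "site":
            length += len(target_site)
        elif seg[0] == "fixed":
            length += len(seg[1])
        else:
            _, kind, n = seg
            length += n
            informed += n * math.log2(CLASS_SIZE[kind])
    return length * math.log2(PRINTABLE), informed


def first_guesses(history, target_site, words=()):
    """Candidate list in guess order: free digit runs try 'last value + 1'
    first (the counter-bump habit), free word runs come from `words`."""
    template = shared_template(history)
    if template is None:
        return []
    last = segments(history[-1][1], history[-1][0])
    choices = []
    for seg, prev in zip(template, last):
        if seg[0] == "site":
            choices.append([target_site])
        elif seg[0] == "fixed":
            choices.append([seg[1]])
        elif seg[1] == "D":
            bumped = str(int(prev[1]) + 1).zfill(len(prev[1]))
            choices.append([bumped, prev[1]])
        else:
            choices.append(list(words) or [prev[1]])
    return ["".join(p) for p in product(*choices)]


# Constructed histories mirroring the question's two cases.
COUNTER_HISTORY = [("reddit", "wildcats1"), ("reddit", "wildcats2")]
SITE_HISTORY = [("reddit", "wildcats!Reddit"),
                ("facebook", "crazydogs!Facebook"),
                ("stackexchange", "locobirds!Stackexchange")]

if __name__ == "__main__":
    for name, hist, target in [("counter", COUNTER_HISTORY, "reddit"),
                               ("site", SITE_HISTORY, "Twitter")]:
        naive, informed = bits(shared_template(hist), target)
        print(f"{name}: naive {naive:.1f} bits, with history <= {informed:.1f} bits")
        print("  first guesses:", first_guesses(hist, target,
              words=[pw.split("!")[0] for _, pw in hist])[:3])
```

Under this model the counter case drops from roughly 59 naive bits to at most log2(10), with "wildcats3" as the first guess; the site-name case drops from about 112 bits for a 17-character string to the roughly 42 bits of a nine-letter lowercase word, and the first candidates are the old words re-suffixed with "!Twitter". The informed figure is only an upper bound on the free segment; a real attacker would rank word candidates by frequency and do better still.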