Last year, a major security breach at RockYou.com resulted in the release of 32 million passwords. With such a large data set available, security firm Imperva Application Defense Center (ADC) analyzed and found that, when given the chance, most users will choose a simplistic password.
Imperva found that nearly a third of users chose passwords whose length is equal or below six characters and almost 60 percent of users chose their passwords from a limited set of alpha-numeric characters. Almost half of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on), with the most common password being "123456".
Here are the top 20 most popular passwords from the RockYou.com leak.
Imperva notes that even though hacking techniques have become better, users of today are no wiser than those 20 years ago. The company's report says that a study of Unix password security in 1990 and hacked Hotmail passwords from 10 years ago showed little change.
So how can everyone get better? Imperva recommends the following:
1. Choose a strong password for sites you care for the privacy of the information you store. Bruce Schneir’s advice is useful: “take a sentence and turn it into a password. Something like “This little piggy went to market” might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary.”
2. Use a different password for all sites – even for the ones where privacy isn’t an issue. To help remember the passwords, again, following Bruce Schneier’s advice is recommended: “If you can't remember your passwords, write them down and put the paper in your wallet. But just write the sentence – or better yet – a hint that will help you remember your sentence.”
3. Never trust a 3rd party with your important passwords (webmail, banking, medical etc.)
Who is changing his or her password today?