Security companies sometimes get to analyse real people’s passwords and create interesting reports. Imperva has just done that, analysing 32 million passwords used on the Rockyou.com site (which was recently hacked).
Below is a summary of their findings. Why is this important to you? Because it means that statistically, you probably have a weak password that can be guessed.
- 41% of passwords only use lower case letters (weak)
- 15% of passwords only user numerals (even weaker)
- Nearly 50% of people used names, slang words, dictionary words or trivial words as their passwords. These can be guessed in seconds by a “brute force” program.
The ten most common passwords were:
- 123456
- 12345
- 123456789
- Password
- iloveyou
- princess
- rockyou
- 1234567
- 12345678
- abc123
If you use any of these as your password then change it now, it’s too easy to guess, especially now that everyone can see this list.
For tips on how to choose a good password read our previous article. And here are some tips on testing how good your password is.
Imperva’s complete report is here. It’s full of interesting technical details on what they found and what the risks are.