Make strong passwords. Make strong passwords. Our high school computer teacher beat the mantra into our heads, at least until the day we forgot our log on, a non-dictionary jumble that consisted of 39 upper- and lower-case letters, numbers, ampersands, exclamation points and any other special characters we could jam in there. After restoring our account, Mr. O'Donnell changed the mantra to, "Make kinda strong passwords." Microsoft MVP Troy Hunt analyzed the user information leaked in the recent LulzSec hack of Sony Pictures, and discovered that most people's passwords not only aren't kinda strong, but usually down-right crappy.
Troy tested 37,608 accounts in total. Analysis shows that 93 percent of all the passwords clocked in between 6 and 10 characters, not surprising given the 6- or 8-character minimum imposed by most services. Next, Troy took a look at variation of character types in the passwords. As Maximum PC readers no doubt know, varied passwords are harder to crack. Troy defined four different types of characters: uppercase, lowercase, numbers, and everything else. And wow, are the results disappointing!
Only 4 percent of users had a mix of three or more different types of characters. Over 50 percent only used a single type, and less than 1 percent used a nonalphanumeric, or special, character.
There's lots of more juicy analysis where that came from. Troy was even kind enough to list the top 25 most common passwords. Check them out below. You'll find 22 in all lowercase letters, and two of the three that aren't are "123456" and "abc123". In case you were wondering, yes, "password" is in there.