Analysis of 32 Million Breached Passwords

An anonymous reader writes "Imperva released a study analyzing 32 million passwords exposed in the Rockyou.com breach. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine." Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.

Obligatory Spaceballs Reference

[Pollux]

Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

-----

President Skroob: What's the combination?
Colonel Sandurz: 1 - 2 - 3 - 4 - 5.
President Skroob: 1 - 2 - 3 - 4 - 5?
Colonel Sandurz: Yes.
President Skroob: That's amazing! I've got the same combination on my luggage!

Re:Have they released the list anywhere?

[QuantumRiff]

Post it here, I'll check it for you.. Don't worry, Slashdot blanks your password.

My password is *******

See, blanked out!

Re:Password strength vs. how often you change it

.., followed by "1111" then "2222" then "3333" and so forth...

Dont you mean so 4444th.

Re:Password strength vs. how often you change it

[Opportunist]

Hey, I used to use a password that could be found on my coworker's monitor, in plain view. I had the idea when they required me to come up with a secure, 10-digit-or-more password containing alphanumeric characters and his monitor's serial number fit the bill.