Thursday, January 21, 2010

Imperva Releases Detailed Analysis of 32 Million Breached Consumer Passwords

It seems that password security is still a huge issue for enterprises and for consumers. The recent analysis report from Imperva is a little scary and enlightening at the same time. Granted, this is an analysis of consumer-grade passwords for a website, but it still offers insight into how people go about using and generating passwords.

Some fascinating items from the report's findings of the most common passwords:
  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
I think given that the website was rockyou.com, we can safely remove that one from the list. What you are left with are passwords that you should be eliminating as acceptable within your environment. In addition, the graphs in the report show that only 3.81% of users used special characters in their passwords. They also state: "Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on)."
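One way to apply this at password-set time, as an added example that is not part of the original post or the Imperva report: a screening function that rejects the ten listed passwords, the site's own name, and runs of consecutive digits or adjacent keys. The US QWERTY layout, the minimum length, the run threshold and all function names are assumptions.

```python
# Added example: names, thresholds and the keyboard layout are assumptions.
# The ten most common passwords quoted in the post, lowercased.
COMMON = {"123456", "12345", "123456789", "password", "iloveyou",
          "princess", "rockyou", "1234567", "12345678", "abc123"}

# Sequences to walk: digits, alphabet, and US QWERTY rows (assumed layout).
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 8  # assumed policy value, not taken from the report
MAX_RUN = 4     # this many sequential or adjacent characters counts as trivial


def longest_run(pw):
    """Longest stretch of pw that walks forward or backward along a sequence."""
    best = 1 if pw else 0
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            run = 1
            for a, b in zip(pw, pw[1:]):
                i = direction.find(a)
                if i != -1 and direction[i + 1:i + 2] == b:
                    run += 1
                    best = max(best, run)
                else:
                    run = 1
    return best


def check_password(pw, context_words=()):
    """Return the reasons to reject pw; an empty list means it passed."""
    low = pw.lower()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if low in COMMON:
        reasons.append("on banned list")
    # Site, product or account names, e.g. "rockyou" for rockyou.com.
    if any(w.lower() in low for w in context_words if w):
        reasons.append("contains site or user name")
    if pw and len(set(low)) <= 2:
        reasons.append("repeated characters")
    if longest_run(low) >= MAX_RUN:
        reasons.append("sequential or adjacent keys")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "Password", "qwerty2010", "T7#mQz!vLp4x"):
        print(candidate, check_password(candidate, context_words=("rockyou",)))
```

Passing `context_words` covers the case the post points out: the site's own name shows up among the most common passwords, so each deployment should ban its own.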

Gets you thinking that OTP + PIN or smartcards might be the only real way to enforce true high-quality password security for consumers or enterprises.
- Ed
