Here are some disturbing statistics:
- A recent Hotmail security breach revealed that an overwhelming number of users are using predictable, insecure passwords:
  - 61% of passwords were either only lowercase letters or all digits (examples: iloveyou or 123456).
  - 20% of passwords were six or fewer characters.
- An estimated 1 in 9 people use one of the Top 500 passwords posted on WhatsMyPass.com.
- 1 in 50 people are estimated to use one of the Top 20 passwords, among which are password, 123456, and qwerty.
- Many of the Top 500 passwords are simple dictionary words, curse words, or common first names.
- 60% of web users only have one password that they use for all of their online accounts, including Facebook, PayPal, email, and banks, according to a recent study.
A typical strong password guide looks a little something like this:
- At least 8 characters long
- At least three of the following:
  - lower case letter
  - capital letter
  - numeral
  - special character
But this really seems to miss the point. For example, go to Microsoft’s password checker and type in this password: qwerty123456! The checker rates this password’s strength as “Best.” But is it really?
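The gap can be shown in a few lines. The following is an added example, not code from the original article or from Microsoft's checker: it implements the guide's composition rule next to a structural check that flags blocklisted words and keyboard or sequence runs. The function names, the `min_run` threshold and the tiny blocklist (built from passwords the article names) are assumptions made for illustration.

```python
import string

# Constructed sample blocklist: passwords the article itself names. A real
# deployment would load a full common-password list instead (assumption).
COMMON = {"password", "123456", "qwerty", "iloveyou"}
# Keyboard rows and natural sequences, used to spot runs such as "qwerty".
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             string.ascii_lowercase]

def passes_composition_rule(pw):
    """The guide's rule: 8+ characters and at least three of four classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= 8 and sum(classes) >= 3

def predictable_chunks(pw, min_run=4):
    """Return the blocklisted words and sequence runs found in pw, in order."""
    low, found, i = pw.lower(), [], 0
    while i < len(low):
        # Longest blocklisted word starting at position i, if any.
        best = max((w for w in COMMON if low.startswith(w, i)), key=len, default="")
        for seq in SEQUENCES:
            for direction in (seq, seq[::-1]):  # forward and reversed runs
                j = i + min_run
                while j <= len(low) and low[i:j] in direction:
                    if j - i > len(best):
                        best = low[i:j]
                    j += 1
        if best:
            found.append(best)
            i += len(best)
        else:
            i += 1
    return found

def unpredictable_length(pw):
    """Characters left once every predictable chunk is discounted."""
    return len(pw) - sum(len(c) for c in predictable_chunks(pw))

if __name__ == "__main__":
    for pw in ["qwerty123456!", "T7#kvR2mq"]:  # second value is constructed
        print(pw, passes_composition_rule(pw), predictable_chunks(pw),
              unpredictable_length(pw))
```

A registration form that enforces only `passes_composition_rule` accepts qwerty123456! even though all but one of its characters come from two of the Top 20 passwords.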
















