- The top passwords were:
  - #1: 123456
  - #2: 12345
  - #3: 123456789
  - #4: Password
  - #5: iloveyou
- 30% of users had passwords of 6 characters or less.
- Almost 50% of passwords were composed of "names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on)".
- Less than 4% of passwords had any special characters.
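As an added example (not code from the page or from the Imperva report), the checker below flags a password against the worst-practice categories listed above and tallies them over a corpus the way the report does. The top-password set is only the page's five entries, the dictionary is a small constructed stand-in, and the sample corpus is constructed; all three are assumptions made for the example.

```python
import string

# Added example, not from the page or the Imperva report.
# Only the page's five top entries; the report's full list is not on the page,
# so this short set stands in for it (assumption).
TOP_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou"}

# Constructed stand-in for a names/slang/dictionary word list (assumption).
DICTIONARY_WORDS = {"password", "love", "princess", "monkey", "dragon", "ashley", "michael"}

# US QWERTY rows, used to detect "adjacent keyboard keys" walks such as qwerty or 123456.
KEYBOARD_ROWS = ("`1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./")

SPECIAL_CHARS = set(string.punctuation)


def is_consecutive_digits(pw):
    """True for all-digit runs stepping by +1 or -1 throughout (123456, 98765)."""
    if len(pw) < 2 or not pw.isdigit():
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def is_keyboard_walk(pw):
    """True if the whole password is a run of adjacent keys on one row, either direction."""
    p = pw.lower()
    if len(p) < 4:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def contains_dictionary_word(pw):
    """Substring match against the word list; only words of 4+ letters count."""
    p = pw.lower()
    return any(w in p for w in DICTIONARY_WORDS if len(w) >= 4)


def worst_practice_flags(pw):
    """Return the worst-practice categories from the report that apply to one password."""
    flags = []
    if pw.lower() in TOP_PASSWORDS:
        flags.append("top-list")
    if len(pw) <= 6:
        flags.append("short")
    if is_consecutive_digits(pw):
        flags.append("consecutive-digits")
    if is_keyboard_walk(pw):
        flags.append("keyboard-walk")
    if contains_dictionary_word(pw):
        flags.append("dictionary-word")
    if not (set(pw) & SPECIAL_CHARS):
        flags.append("no-special-chars")
    return flags


def summarize(passwords):
    """Fraction of passwords carrying each flag, the way the report tallies its corpus."""
    counts = {}
    for pw in passwords:
        for flag in worst_practice_flags(pw):
            counts[flag] = counts.get(flag, 0) + 1
    return {flag: n / len(passwords) for flag, n in counts.items()}


# Constructed sample corpus (not real breach data).
SAMPLE_PASSWORDS = [
    "123456", "12345", "123456789", "Password", "iloveyou",
    "qwerty", "abc123", "correct horse battery staple",
    "Tr0ub4dor&3", "M!ch@el2021",
]

if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        print(f"{pw!r:32} {worst_practice_flags(pw)}")
    for flag, share in sorted(summarize(SAMPLE_PASSWORDS).items()):
        print(f"{flag:20} {share:.0%}")
```

On the constructed corpus, 40% of entries are six characters or shorter and 80% carry no special character, which is the shape of the report's numbers; note that "123456" trips four categories at once (top list, short, consecutive digits and a keyboard walk along the digit row), which is why it heads every such list.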
Per the report, a hacker will gain access to one new account every second, or just under 17 minutes to compromise 1,000 accounts.
After the first wave of attacks, it would only take 116 attempts per account to compromise 5% of the accounts, 683 attempts to compromise 10% of accounts and about 5,000 attempts to compromise 20% of accounts.
One of the recommendations is for administrators to make sure passwords are not kept in clear text: always digest the password before storing it to the DB. I believe it is irresponsible that some web-based applications are still storing passwords in plain text and, just as bad, are able to send you your "old" password (meaning the password is stored either in plain text or in a reversible "encryption" format).
Note: emphasis is mine
Src: Imperva report - Consumer Password Worst Practices
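The storage recommendation above, as an added example (not code from the page, the blog author, or Imperva): the reversible "encryption" the post criticises next to a salted, slow one-way digest. PBKDF2-HMAC-SHA256 with 600,000 iterations and a 16-byte random salt are this example's own choices; the report names no particular algorithm, and the record format is an assumption made here.

```python
import base64
import hashlib
import hmac
import os

# Added example, not from the page or the Imperva report.
# Parameters are this example's assumptions: PBKDF2-HMAC-SHA256 with a
# per-user 16-byte random salt and a deliberately slow iteration count.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


# --- The worst practice: a reversible encoding that only looks scrambled.
def store_reversible(password):
    """Base64 is encoding, not encryption: anything stored this way can be decoded."""
    return base64.b64encode(password.encode()).decode()


def recover_reversible(record):
    """This is exactly what lets a site e-mail you your 'old' password."""
    return base64.b64decode(record).decode()


# --- The recommendation: digest the password before it reaches the DB.
def make_record(password, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([ALGORITHM, str(iterations), salt.hex(), digest.hex()])


def verify_password(record, candidate):
    """Recompute the digest with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported record format")
    expected = bytes.fromhex(digest_hex)
    actual = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids a timing side channel that would leak digest prefixes.
    return hmac.compare_digest(expected, actual)


def records_differ_for_same_password(password):
    """Per-user salt: two users with the same password get unrelated digests,
    so a leaked table cannot be cracked once and the result applied to everyone."""
    return make_record(password) != make_record(password)


if __name__ == "__main__":
    weak = store_reversible("iloveyou")
    print("reversible record:", weak, "-> recovers", recover_reversible(weak))
    strong = make_record("iloveyou")
    print("digest record:    ", strong)
    print("login ok:", verify_password(strong, "iloveyou"),
          "wrong pw:", verify_password(strong, "iloveyou1"))
```

With the digest in place, a "forgot password" flow has to issue a one-time reset token rather than mail the old password back, because the server no longer has it. The digest only slows an attacker down, though: a leaked record for a password on the top-five list above falls on the first few guesses regardless of the iteration count, which is why the storage recommendation and the password-quality findings belong together.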