How safe is your password?

by John Evelyn on January 2, 2007


A recent article on Wired.com, “MySpace Passwords Aren’t So Dumb”, revealed some interesting things about how people choose passwords. It analysed 34,000 user names and passwords from the social networking site MySpace*.

  • The average password is eight characters long. (Longer passwords are better.)
  • Just under 10 percent of passwords used only letters. (A mix of letters, punctuation and numbers is better.)

So, it looks like most users are using strong passwords.  However, appearances can be deceptive.

The top five passwords (used by about 340 users) were depressingly easy to guess:

password1, abc123, myspace1, password, blink182 (apparently, they’re musicians, m’lud)

Many of the others were lower case words from the dictionary with a single digit at the end.  This is also bad news.
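The gap between "looks strong" and "is guessable" can be shown in a short check. The following is an added example, not part of the original article: it compares a naive composition rule against the patterns described above. The word list is a tiny constructed stand-in for a real dictionary, the function names are hypothetical, and case is folded before matching, which goes slightly beyond the lower-case pattern the article mentions.

```python
import re

# The five most common passwords reported in the article.
TOP_PASSWORDS = {"password1", "abc123", "myspace1", "password", "blink182"}

# Constructed sample standing in for a full dictionary word list (assumption).
SAMPLE_WORDS = {"password", "myspace", "monkey", "dolphin", "dragon", "soccer"}


def composition_ok(pw):
    """Naive rule: at least 8 characters, mixing letters with non-letters."""
    has_letter = any(c.isalpha() for c in pw)
    has_other = any(not c.isalpha() for c in pw)
    return len(pw) >= 8 and has_letter and has_other


def guessable_reason(pw, words=SAMPLE_WORDS):
    """Return why a password is easy to guess, or None if no pattern matches."""
    lowered = pw.lower()
    if lowered in TOP_PASSWORDS:
        return "top-five password"
    if lowered in words:
        return "dictionary word"
    # The pattern the article calls out: a dictionary word plus one digit.
    match = re.fullmatch(r"([a-z]+)\d", lowered)
    if match and match.group(1) in words:
        return "dictionary word plus a single digit"
    return None


def audit(passwords):
    """Pair each password with both verdicts so the disagreement is visible."""
    return [(pw, composition_ok(pw), guessable_reason(pw)) for pw in passwords]


if __name__ == "__main__":
    # Constructed test inputs; the last one is a random-looking control.
    for pw, passes, reason in audit(["password1", "dolphin4", "abc123", "tV9#qLm2!x"]):
        print(f"{pw!r}: composition rule passes={passes}, guessable={reason}")
```

A password such as `password1` or `dolphin4` passes the composition rule yet is flagged by the pattern check, which is why length and character mix alone are a poor measure of strength.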

Two suggestions for you:

 

* One caveat: the data was gathered as a by-product of a phishing attack on the site. You could argue that someone who falls for a phishing attack is also less likely to use a strong password. 


2 comments

Nick Staib January 3, 2007 at 2:14 pm

Microsoft Password Checker favours mixed case and alpha-numeric characters – but applies a premium to 8 or more characters.

It therefore rates the guessable “Password1” as Strong, whilst the obscurer, but only marginally shorter, “Rm8!32q%” is considered Weak.

The trick it seems is to create a password that is easy to remember, but very hard to guess…

joe April 29, 2008 at 2:17 pm

Hello,

I tested “Rm8!32q%” again today on the Microsoft website, and it’s rated as “Strong”.
