The phishing attack that led to more than 10,000 Hotmail, MSN and Live.com passwords being exposed online earlier this week has provided an interesting glimpse into the mindset of email users when setting up their accounts.
A researcher who managed to look at the 10,000 or so Hotmail, MSN and Live.com passwords published an analysis of the list and the strength of passwords used.
According to the analysis, one of the simplest passwords around, ‘123456’ appeared 64 times in the list. Undoubtedly, those account users would do well to change it as soon as possible but judging by people’s attitudes towards passwords, I doubt that many of those 64 account holders will choose anything more complex than adding an ‘a’ at the beginning.
Some of the other statistics are quite interesting. Forty-two percent of the passwords only use lowercase letters from ‘a to z’, while only 6% used mixed alpha-numeric and other characters.
The analysis shows that one-fifth of the passwords were only six characters long although the longest had 30 characters. The shortest was 1 character long.
A good number of passwords were formed using first names which is just as secure as having no password at all.
As Emmanuel Carabott explains, it is very important that people not only create strong passwords but they also change them regularly. Furthermore, it is good practice to use different passwords for different accounts so that if one is compromised, your other accounts or memberships will not be affected.
A lot of people are worried that if they use very strong or long passwords, they will forget them and not be able to access their email. While this is a valid point, it is possible to create a strong password that you can and will remember. For example, you can choose a phrase or a combination of words that are of particular significance: I love chocolate. By changing a few characters you can create a strong password:!loveCh0c0late.
Read the following Technet article for guidelines on choosing strong passwords.