Buckeyes 24/7
Topic: Recent Gawker Hack Analysis Reveals Incredibly Weak Passwords - AMAZING how easy
mjp28
« on: December 14, 2010, 03:49:51 PM »

HOW LAZY OR MAYBE STUPID CAN SOME PEOPLE BE?
-----------------------------------------------------------
Gawker Hack Analysis Reveals Incredibly Weak Passwords
By Gregg Keizer, Computerworld Dec 14, 2010 8:09 am

Key findings:
» About 30% of users chose passwords whose length is equal or below six characters.
» Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
» Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password among Rockyou.com account owners is “123456”.

Password Popularity – Top 20

Rank  Password    Number of Users with Password (absolute)
1     123456      290731
2     12345       79078
3     123456789   76790
4     Password    61958
5     iloveyou    51622
6     princess    35231
7     rockyou     22588
8     1234567     21726
9     12345678    20553
10    abc123      17542
11    Nicole      17168
12    Daniel      16409
13    babygirl    16094
14    monkey      15294
15    Jessica     15162
16    Lovely      14950
17    michael     14898
18    Ashley      14329
19    654321      13984
20    Qwerty      13856

If a hacker would have used the list of the top 5000 passwords as a dictionary for brute force attack on Rockyou.com users, it would take only one attempt (per account) to guess 0.9% of the users' passwords or a rate of one success per 111 attempts. Assuming an attacker with a DSL connection of 55KBPS upload rate and that each attempt is 0.5KB in size, it means that the attacker can have 110 attempts per second. At this rate, a hacker will gain access to one new account every second or just less than 17 minutes to compromise 1000 accounts. And the problem is exponential. After the first wave of attacks, it would only take 116 attempts per account to compromise 5% of the accounts, 683 attempts to compromise 10% of accounts and about 5000 attempts to compromise 20% of accounts.



GO BROWNS, TRIBE, BUCKEYES, CAVS, YSU, and yes I like ND plus GO NAVY, beat Army!!

It's so hard to go undefeated, only one major D-1A team has ever gone 14-0 in the history of the college football and win the NATIONAL CHAMPIONSHIP.

Jim Tressel and The OHIO STATE UNIVERSITY BUCKEYES!
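
Added example, not part of the original post or the quoted report: a Python sketch that screens a candidate password against the three weaknesses in the key findings and the top-20 table, and reads the quoted attempts-per-account figures as a lower bound on accounts exposed under a per-account attempt limit. The function names, the reading of "limited set of alpha-numeric characters" as letters-and-digits-only, and the sample passwords are assumptions.

```python
import string

# Top-20 passwords from the table in the post, compared case-insensitively.
TOP20 = {p.lower() for p in (
    "123456 12345 123456789 Password iloveyou princess rockyou 1234567 "
    "12345678 abc123 Nicole Daniel babygirl monkey Jessica Lovely michael "
    "Ashley 654321 Qwerty").split()}

# (attempts per account, fraction of accounts guessed) as quoted in the post.
GUESS_CURVE = [(1, 0.009), (116, 0.05), (683, 0.10), (5000, 0.20)]

# Assumption: "limited set" means the password uses only letters and digits.
ALNUM = set(string.ascii_letters + string.digits)


def screen_password(candidate):
    """Return which of the report's weaknesses a candidate password matches."""
    reasons = []
    if len(candidate) <= 6:
        reasons.append("length<=6")
    if candidate and set(candidate) <= ALNUM:
        reasons.append("alnum-only")
    if candidate.lower() in TOP20:
        reasons.append("top20")
    return reasons


def exposed_fraction(max_attempts):
    """Lower bound on accounts guessable if each account allows max_attempts
    guesses, using only the points quoted in the post (no interpolation)."""
    exposed = 0.0
    for attempts, fraction in GUESS_CURVE:
        if attempts <= max_attempts:
            exposed = fraction
    return exposed


def seconds_per_compromise(upload_kb_s=55, attempt_kb=0.5, attempts_per_success=111):
    """Reproduce the post's rate: 55/0.5 = 110 attempts/s, one hit per 111 tries."""
    return attempts_per_success / (upload_kb_s / attempt_kb)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real data set.
    for pw in ("Qwerty", "123456789", "correct horse battery staple!"):
        print(repr(pw), screen_password(pw) or "no finding")
    for limit in (5, 700, 10000):
        print("attempt limit", limit, "-> at least", exposed_fraction(limit))
    print("minutes for 1000 accounts:", seconds_per_compromise() * 1000 / 60)
```
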
AutoModGod
« Reply #1 on: December 22, 2010, 10:29:09 AM »

Interesting. Password is actually the 4th most used password? That is lazy ....

Go Bucks!
8-peat in 2011!