The most disturbing thing about the recent Hotmail security breach is the number of insanely weak passwords it revealed.

Around 10,000 Hotmail logins and passwords were published online recently in a major security scare for users. Security "breach" may not be the right word, as Microsoft insists its security was not penetrated. Instead Microsoft claims the passwords were harvested by a phishing attack, although there are also indications some were collected by spyware.
Such phishing attacks are a worry, but what's more of a worry is people's choice of password. Analysis by security research group Acunetix found many of the passwords obtained by the phishing attack were insanely weak. Forty-two percent of those caught used passwords containing only lowercase letters, while 19 percent used passwords containing only numbers. Thirty-seven percent of passwords had fewer than 8 characters. The most common password was 123456, followed by 123456789.
Only 6 percent of passwords captured contained letters, numbers and other characters. Perhaps there is a direct correlation between people's likelihood of choosing a stupid password and their likelihood of falling for a phishing attack or getting infected by spyware.
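
The breakdown quoted above can be reproduced over any password list an administrator is entitled to audit, and the same classes can be used to refuse a weak password when it is set. This is an added example, not code from the article or from Acunetix; the class names, the function names and the sample list are constructed for illustration.

```python
import re
from collections import Counter
from typing import Optional

# The two most common passwords named in the article; a real blocklist is far longer.
COMMON = {"123456", "123456789"}

def classify(pw):
    """Return every class from the article's breakdown that applies to pw."""
    found = set()
    if len(pw) < 8:
        found.add("under_8_chars")
    if re.fullmatch(r"[a-z]+", pw):
        found.add("lowercase_only")
    if re.fullmatch(r"[0-9]+", pw):
        found.add("digits_only")
    if pw in COMMON:
        found.add("common")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    if has_letter and has_digit and has_other:
        found.add("mixed")  # letters, numbers and other characters
    return found

def audit(passwords):
    """Percentage of passwords in each class. Classes overlap, so they do not sum to 100."""
    counts = Counter(label for pw in passwords for label in classify(pw))
    total = len(passwords)
    return {label: round(100 * n / total, 1) for label, n in counts.items()}

def reject_reason(pw) -> Optional[str]:
    """Check at password-set time: one weakness class that applies, or None."""
    weak = classify(pw) - {"mixed"}
    return sorted(weak)[0] if weak else None

# Constructed sample, not data from the leaked list.
SAMPLE = ["123456", "123456789", "sunshine", "monkey",
          "Tr0ub4dor&3x", "letmein1", "qwertyuiop", "7777777"]

if __name__ == "__main__":
    for label, pct in sorted(audit(SAMPLE).items()):
        print(f"{label:15s} {pct:5.1f}%")
    for pw in SAMPLE:
        print(f"{pw:15s} {reject_reason(pw)}")
```

A password such as "letmein1" falls into none of these classes, which shows that composition rules alone miss guessable choices and that the blocklist of common passwords needs to be much larger than the two entries used here.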















