Troy Hunt posted an article on poor password protection practices (try saying that five times fast), based on an analysis of a major corporate data breach. Some of the highlights were:
- 93% of passwords are only 6 to 10 characters long
- Two-thirds of passwords are reused across different services
- Over a third of passwords can be found in a common dictionary
This is bad news for two reasons:
- Lots of passwords are easy to guess
- If an attacker guesses a password, chances are they can use the same password to access other services
The key is to use passwords that are long, complex, and difficult to guess. The challenge, of course, is that the harder a password is to guess, the harder it is for us to remember.