4 comments

[ 1.5 ms ] story [ 17.2 ms ] thread
The 6 million username/password database was collected by Mark Burnett, author of Perfect Passwords, over the course of many years. Given that most people use a password strategy that involves stronger and more unique passwords for finance and ecommerce sites, I'm guessing that the vast majority of these username/password pairs were obtained from less important sites. Perhaps Mark will pipe in to clarify this point.
This is interesting but I don't think passwords gathered as he has constitutes a very representative sample of what normal people might use for normal services.
It may not be a representative example, especially when you consider corporate and banking password policies, but it does show how lame people will be if allowed to set passwords without restrictions.