Only five percent of current passwords discovered are considered to be “excellent” by internet security specialists. How do they know that? Where do password lists come from if they’re supposed to be secure?
The Internet is farmed on a regular basis for one thing only: Money. Your surfing habits are monitored in order to better tailor ads for that revenue, and, with a sucker born every minute (more frequently online), spyware and server breaches are busy discovering password hashes and checking for new security measures. Keeping up with the Jones’s means also knowing how they’re keeping themselves. Without the provocation, there would be little need for security innovation.
Failed security means that hackers in the world or internet security specialists gain access to passwords – often MILLIONS of passwords. Sometimes these lists are even published by accident like one from AOL containing a staggering 47 million accounts. What we find is that the weakest link in security, your security, can be you. 123456789 is just a game on the number pad, NOT something that should be used as a password. But that very string shows up 4,875 times in one recent list of 1.8 million accounts. “123456,” 15,820 times.
In this same list, only 90,000 accounts, 5%, weren’t so obvious and were considered excellent. What’s the point? You might ask. Often times, software that cracks passwords is very cumbersome to use. A new user can direct it to crack a password that’s obvious but cannot manage the software to calculate possibilities that could exist. So if the target is not in that list, it’s harder for the passing cracker or weekend warrior though the experienced internet security folks could still work something out. Link
Even that software gets exhausted since it taxes the processors and can overheat a computer forcing it to shut down. Longer passwords with more peculiar, non-standard characters are both a pain in the ass to remember and more difficult for software to calculate and less likely to appear in published lists.