Top 10 favourite passwords revealed

Analysis of some 32 million passwords recently exposed in the Rockyou.com breach has revealed that most people use weedy passwords which can easily be guessed.

In a report entitled Consumer Password Worst Practices, data security outfit Imperva published a list of the top ten most common passwords in order, it said, to help consumers and website administrators identify the passwords they should avoid when using social networking or e-commerce sites.

Here's the list:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

"The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine," said Imperva’s CTO Amichai Shulman.

"Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second - or 1,000 accounts every 17 minutes."

The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as brute force attacks.

Shulman said a 1990 Unix password study showed a password selection pattern similar to what consumers select today.

"It's time for everyone to take password security seriously. It's an important first step in data security.