A recent data breach study has turned up damning evidence on the lack of security awareness with user-selected passwords.
Research firm Imperva conducted the Consumer Password Worst Practices study (PDF) following a major data breach at social networking site RockYou which made more than 32 million user passwords public.
An analysis of the leaked data showed that users are still selecting passwords that are easily guessed.
The study found that roughly a fifth of users had selected passwords that were among the 50,000 most common on the web. Among these were basic numerical sequences.
Nearly 300,000 of the compromised accounts used '123456' as a password, while an additional 79,078 selected '12345' and 76,790 users used '123456789'. Other commonly used passwords were 'password', 'iloveyou' and 'princess'.
By selecting such widely used passwords, users are leaving their accounts easily accessible to data harvesting, said Imperva. The report suggested that by using an automated 'brute force' tool based on the 50,000 common passwords list, an attacker could have harvested more than 1,000 account credentials in under 17 minutes.
"This means that the users, if allowed to, will choose very weak passwords even for sites that hold their most private data," said Imperva.
"Worse, as hackers continue to rapidly adopt smarter brute force password cracking software, consumers and companies will be at greater risk."
The report was quickly picked up by authentication vendors such as VeriSign to show the need for additional account protection such as randomly generated codes.
"The shortcomings of weak passwords and the need for stronger authentication solutions are becoming more and more evident," a company spokesperson told V3.co.uk.
"One-time passwords via two-factor authentication provide a critical layer of security to counter such threats."
Others in the security community suggested stepping up the enforcement of best practices. Gartner vice president and research fellow John Pescatore suggested in a blog post that administrators should prod users to strengthen their login details.
"The passwords users create are the equivalent of them choosing front door locks that open with skeleton keys," wrote Pescatore.
"We will be stuck with passwords for a long time and, since users will complain no matter what we do to enforce password discipline, this little exercise points out that we should focus on annoying users by requiring strong passwords versus frequently changed passwords."
NatWest outage comes a day after Barclays' IT systems shut out customers and staff
The ICO is concerned with AggregateIQ's retention and processing of data used in the Brexit referendum
Map selection, quick menus for grenades and healing items and automatic reload coming in PUBG update #22
Could be used for everything from search-and-rescue robots to wearable tech