A recent data breach study has turned up damning evidence on the lack of security awareness with user-selected passwords.
Research firm Imperva conducted the Consumer Password Worst Practices study (PDF) following a major data breach at social networking site RockYou which made more than 32 million user passwords public.
An analysis of the leaked data showed that users are still selecting passwords that are easily guessed.
The study found that roughly a fifth of users had selected passwords that were among the 50,000 most common on the web. Among these were basic numerical sequences.
Nearly 300,000 of the compromised accounts used '123456' as a password, while an additional 79,078 selected '12345' and 76,790 users used '123456789'. Other commonly used passwords were 'password', 'iloveyou' and 'princess'.
By selecting such widely used passwords, users are leaving their accounts easily accessible to data harvesting, said Imperva. The report suggested that by using an automated 'brute force' tool based on the 50,000 common passwords list, an attacker could have harvested more than 1,000 account credentials in under 17 minutes.
"This means that the users, if allowed to, will choose very weak passwords even for sites that hold their most private data," said Imperva.
"Worse, as hackers continue to rapidly adopt smarter brute force password cracking software, consumers and companies will be at greater risk."
The report was quickly picked up by authentication vendors such as VeriSign to show the need for additional account protection such as randomly generated codes.
"The shortcomings of weak passwords and the need for stronger authentication solutions are becoming more and more evident," a company spokesperson told V3.co.uk.
"One-time passwords via two-factor authentication provide a critical layer of security to counter such threats."
Others in the security community suggested stepping up the enforcement of best practices. Gartner vice president and research fellow John Pescatore suggested in a blog post that administrators should prod users to strengthen their login details.
"The passwords users create are the equivalent of them choosing front door locks that open with skeleton keys," wrote Pescatore.
"We will be stuck with passwords for a long time and, since users will complain no matter what we do to enforce password discipline, this little exercise points out that we should focus on annoying users by requiring strong passwords versus frequently changed passwords."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago