Imperva’s Top 20 weakest passwords

In December 2009, a major password breach occurred that led to the release of 32 million passwords [1]. The hacker then posted the full list of the 32 million passwords to the Internet [2], with no other identifiable information. The passwords were stored in clear text in the database and were extracted through a SQL injection vulnerability [3]. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. In the past, password studies have focused mostly on surveys [4]. Never before has there been such a high volume of real-world passwords to examine.

The Imperva Application Defense Center (ADC) analyzed the strength of the passwords.


Get the full report