Passwords: Easier to guess than you think

An interesting analysis of how most people use really bad choices when they pick a password:

If there is a silver lining in the phishing attack that let 34,000 MySpace passwords loose, it’s that Roger Grimes got to analyze them.  “Being able to collect and analyze such a large number of passwords from a wide range of users doesn’t usually happen when you’re on the white-hat side of things,” he explains in this installment of Security Adviser.  One of the lessons learned: “An exploited Web site that’s completely unrelated to your company could still put your company at risk.  Remind all employees not to use their company passwords on noncompany Web sites, if at all.”  Another is that “Cuss words were very popular.  Boy, there’s a lot of aggression out there.”