
10,000 passwords are 99.8% of all user passwords in 6m username/pwd database - FilterJoe
http://xato.net/passwords/more-top-worst-passwords#.TgAZYDj5lr8;hackernews
======
FilterJoe
The 6 million username/password database was collected by Mark Burnett, author
of Perfect Passwords, over the course of many years. Given that most people
use a password strategy that involves stronger and more unique passwords for
finance and ecommerce sites, I'm guessing that the vast majority of these
username/password pairs were obtained from less important sites. Perhaps Mark
will pipe in to clarify this point.

~~~
m8urn
I wrote a recent blog post that explains the sources:
<http://xato.net/passwords/how-i-collect-passwords>

------
pbreit
This is interesting but I don't think passwords gathered as he has constitute
a very representative sample of what normal people might use for normal
services.

~~~
m8urn
It may not be a representative example, especially when you consider corporate
and banking password policies, but it does show how lame people will be if
allowed to set passwords without restrictions.

