Poll: Should we abandon the password?

A study of 32 million passwords revealed that "123456" was used by over 290,000 users. Is it time to abandon the password?

IT professionals have long known that most users choose insecure passwords. This fact was proven once again by an analysis of over 32 million passwords--released on the Internet as part of a data breach a RockYou.com. Imperva, a data security firm, analyzed the data and discovered, among other things, that over 290,000 users had a password of "123456".

Here are the top 10 passwords by popularity:

  1. 123456 - 290,731 users
  2. 12345 - 79,078 users
  3. 123456789 - 76,790 users
  4. Password - 61,958 users
  5. Iloveyou - 51,622 users
  6. Princess - 35,231 users
  7. Rockyou - 22,588 users
  8. 1234567 - 21,726
  9. 12345678 - 20,553
  10. abc123 - 17,542

Imperva's analysis also showed that about 30 percent of users had passwords with six of fewer characters and nearly half of users "used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, an so on)." Considering the above information, can passwords ever be secure? Is it time for a new security mechanism? What should that new authentication mechanism be?

Here are a collection of password resources and discussions from other areas of TechRepublic: