London, 21^st January, 2010—Imperva, the leader in Data Secur­ity, announced today the release of study ana­lyz­ing 32 million pass­words recently exposed in the Rockyou.com breach.  Imperva’s Applic­a­tion Defense Center (ADC) ana­lyzed the strength of the pass­words in a report, Con­sumer Pass­word Worst Prac­tices, that ana­lyzes 32 million pass­words to help con­sumers and website admin­is­trat­ors identify the most com­monly used pass­words they should avoid when using social net­work­ing or e-commerce sites.

The report can be down­loaded at:  http://www.imperva.com/ld/password_report.asp (regis­tra­tion not required).

The report iden­ti­fies the most com­monly used passwords:

• 123456
• 12345
• 123456789
• Pass­word
• iloveyou
• prin­cess
• rockyou
• 1234567
• 12345678
• 10.  abc123

“Every­one needs to under­stand what the com­bin­a­tion of poor pass­words means in today’s world of auto­mated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second—or 1000 accounts every 17 minutes,” explained Imperva’s CTO Amichai Shulman.  “The data provides a unique glimpse into the way that users select pass­words and an oppor­tun­ity to eval­u­ate the true strength of pass­words as a secur­ity mech­an­ism.  Never before has there been such a high volume of real-world pass­words to examine.”

Some key find­ings of the study include:

• The short­ness and sim­pli­city of pass­words means many users select cre­den­tials that will make them sus­cept­ible to basic forms of cyber attacks known as “brute force attacks.”
• Nearly 50% of users used names, slang words, dic­tion­ary words or trivial pass­words (con­sec­ut­ive digits, adja­cent key­board keys, and so on). The most common pass­word is “123456”.
• Recom­mend­a­tions for users and admin­is­trat­ors for choos­ing strong passwords.

For enter­prises, pass­word insec­ur­ity can have serious con­sequences.  “Employ­ees using the same pass­words on Face­book that they use in the work­place bring the pos­sib­il­ity of com­prom­ising enter­prise systems with insec­ure pass­words, espe­cially if they are using easy to crack pass­words like ‘123456’,” said Shulman.

“The problem has changed very little over the past 20 years,” explained Shulman, refer­ring to a 1990 Unix pass­word study that showed a pass­word selec­tion pattern similar to what con­sumers select today.  “It’s time for every­one to take pass­word secur­ity ser­i­ously; it’s an import­ant first step in data security.

Imperva will host a webinar detail­ing the study’s find­ings.  To register, please sign up here: https://imperva.webex.com/imperva/onstage/g.php?d=792179849&t=a&SourceID=004