[Kootle]

The author, some of the comments here and especially the author of the Gizmodo article seem to lament the fact that passwords aren't stronger. I have no idea about whether or not that is justified, but a list of the most common passwords is in no way reflective of average password strengths. A good password is probably unique in the world so by definition the only passwords on this list are those that are trivially easy to come up with. A more interesting statistic, I think, is what percentage of the world's passwords is '123456'.

[connoredel]

This is a good point. If these are each used by 2 people, it's not very interesting. It's sort of implied by the attention these stories get that the problem is much bigger than that, but I agree the story is incomplete without the magnitudes. And for the rest of us, we should care about the _trend_ of the % population using common passwords. In order to be safe, you probably need to stay above some constant level that is "good enough" for any hacker trying patterns or brute forcing. As the bottom gets more secure after reading articles like this or adopting password managers, we all need to step up our game. The first to go will be people who do things like:

- put a capital letter first and only first when a capital letter is required

- put a special character last and only last when a special character is required

- put a number next to last and only next to last when a number and a special character are both required

These will be the next patterns tried after the most common passwords, dictionary attacks, etc. -- and if you stay ahead of _these_ people then you'll be good for a while.