1) These five user passwords accounted for 3.2 million of the 130 million accounts that were stolen in the Adobe hack of 2013: “123456,” “12345678,” “Password,” “Adobe123” and “12345678.” source
2) An analysis of 11 million stolen passwords for cloud services conducted by Skyhigh Networks found that just 20 passwords constitute 10.3% of all passwords in use.
3) The minimum password length experts now recommend to avoid being compromised by brute-force cracking is 13
4) In 2012, a password-cracking experts unveiled a five-server clustered computing environment powered by 25 graphics cards that could cycle through 350 billion password guesses per second. That means it could try every possible Windows passcode in a typical enterprise in less than six hours. There is no record of anyone building a faster machine since.
5) About 40% of organizations store privileged and administrative passwords in a Word document or spreadsheet.
6) It would take a typical brute-force password cracking program 12 years, four months and 16 days to unscramble the random eight-character password “z7S69s@9.” Source
7) The same password would have taken a cracker built with 1990 technology 6,495 years.
8) In 2020 it’ll take about 9 years, six months and 18 days.
9) Experts believe a quantum computer will be able to do it in less than five seconds.
10) When people are asked to include a number in a password, the majority simply add a “1” or a “2” at the end.
11) Two-thirds of people use no more than two passwords for all their online accounts. Source
12) The top 10 most-used password list has barely changed in the last five years.
13) Experts says a great technique for creating a secure password is to use the first letter of each word in a phrase (esagtfcaspitutfloewiap). Mixing in a single random symbol (!*$@) dramatically improves security.
14) Thirty percent of phishing emails get opened. Source
15) Nine out of 10 phishing emails carried ransomware in March, 2016. Source
16) Many experts now believe that frequent password changes actually worsen computer security because people tend to choose minor variations of their current passwords so they’ll be 17 easier to remember.
17) This is a list of the 10,000 most frequently used passwords. If any of yours are on it, your account will be compromised in seconds by any of the most common dictionary-based cracking tools.
18) Retail was the most-targeted industry for phishing attacks in the first quarter of 2016 by more than a two-to-one margin over any other industry. Source
19) An eight-character password using only upper- or lower-case characters has 200 billion potential combinations. Source
20) An eight-character password using a combination of upper- and lower-case characters has 53 trillion billion potential combinations. – Source