YouPorn got hacked and the user names and passwords leaked onto the web. The information is interesting, with passwords being very simple and most emails having been created for the purpose of consuming adult material.

The common passwords contain the usual suspects… well, slightly more sexual, actually, than usual.

"Just before the holiday weekend, as their final act of defiance in 2011, AntiSec supporters published nearly a million records taken during the Christmas Eve attack on Strategic Forecasting Inc. The Tech Herald has examined the list of 860,160 passwords hashes that were leaked, and the results of our tests were both expected and pitiful.<br />"We’re sorry to report that the state of password management and creation is still living in the Dark Ages."<br /><br />This story never changes. Why are we surprised any more? Are we surprised any more? The more worrying aspect is "password recycling" where people use the same password in multiple places.

Confusing tale, but huge implications.

Inspired by <a href="http://xkcd.com/936/">this XKCD strip</a>.

"We end up with 93% of accounts being between 6 and 10 characters long which is pretty predictable. Bang on 50% of these are less than eight characters. It’s interesting that seven character long passwords are a bit of an outlier – odd number discrimination, perhaps?<br />
"I ended up grouping the instances of 20 or more characters together – there are literally only a small handful of them. In fact there’s really only a handful from the teens onwards so what we’d consider is a relatively secure length really just doesn’t feature."<br />
<br />
Interesting analysis; only 1% of passwords don't contain an alphanumeric character. But of course those 20-character passwords are all useless anyway, as they were stored in cleartext.