32 million passwords were compromised from Rockyou.com, and Imperva took a look at the brilliant passwords used by your fellow Internet users. The top ten?
And you wonder why companies are considering security tokens?
Actually, I think moving to a device with an independent communications channel, such as SMS messages to a phone, is equally promising and, potentially, lower cost.
Good passwords, combined with good system design, can keep out third-party attackers. Unfortunately, phishing and key loggers seem to be the rule, not the exception (if nothing else, they imply that MANY people do have good passwords).
Yelling at people to "CHOOSE A BETTER PASSWORD" is not really an option. Clearly, there are a lot of behavioral factors involved... it is the challenge for security system designers to design security systems that work with actual people rather than some abstract, ideal, homo securus.