THE LINK: http://zdnet.com.com/2100-1105-920092.html
Quote:
Of nearly 3,300 passwords examined, the paper's authors, Ken Thompson and Robert Morris Sr., found about 17 percent consisted of three characters or less, nearly 15 percent had four characters that were a letter or a digit, and another 15 percent appeared in one of the dictionaries available at the time. In total, nearly half the passwords could be found in a search lasting less than six hours.
I think bad information on choosing a password holds some of the blame. Most system admins think that if you just throw a number on the end of a password it becomes uncrackable. Also, many articles on choosing passwords suggest mixing up letters when in reality the password "snowboarding" is just as secure (random) as the password "zswerflpe". If you really want to give password crackers a hard time you should try a password like $/|/0\/\/B01Rd1ng (with a little alt + 255 at the end). Of course at some point you have to draw a compromise between what you can remember and what is secure.
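An added example, not part of the original post or of the quoted paper: a check that could run when a user sets a password, flagging the weak categories listed in the quoted figures plus the "number on the end" habit the post mentions. The wordlist, category names and sample passwords are constructed for illustration.

```python
from collections import Counter

# Constructed stand-in for a real dictionary file (an assumption of this example).
WORDLIST = {"password", "dragon", "summer", "monkey", "welcome"}


def classify(password, wordlist=WORDLIST):
    """Return the first weak category a candidate password falls into."""
    if len(password) <= 3:
        return "three_or_fewer_chars"
    if len(password) == 4 and password.isalnum():
        return "four_alnum_chars"
    lowered = password.lower()
    if lowered in wordlist:
        return "dictionary_word"
    # "Just throw a number on the end": strip trailing digits and re-check.
    stem = lowered.rstrip("0123456789")
    if stem != lowered and stem in wordlist:
        return "dictionary_word_plus_digits"
    # Not in any category checked here; this is not a statement of strength.
    return "not_flagged"


def audit(passwords, wordlist=WORDLIST):
    """Tally categories and return (counts, fraction of passwords flagged)."""
    counts = Counter(classify(p, wordlist) for p in passwords)
    total = sum(counts.values())
    flagged = total - counts["not_flagged"]
    return counts, (flagged / total if total else 0.0)


# Constructed sample of candidate passwords, not data from the study.
SAMPLE = ["abc", "a1b2", "dragon", "Summer2002", "monkey7", "zswerflpe"]

if __name__ == "__main__":
    counts, flagged_fraction = audit(SAMPLE)
    for category, n in counts.most_common():
        print(f"{category:30} {n}")
    print(f"flagged: {flagged_fraction:.0%}")
```
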