TMCnews


TMCnews Featured Article


July 07, 2011

Password Reset Software: Sony Analysis Reveals Users Apply Easy Passwords

By Ashok Bindra, TMCnet Contributor


Software architect and Microsoft MVP Troy Hunt recently analyzed SonyPictures.com user account information, which was released by the hacking group LulzSec. The analysis reveals that users apply unintelligent password practices and then use the same password, or something very similar, when utilizing password reset software.

In fact, the findings posted on the software architect’s blog reveal that half of the passwords use fewer than eight characters, while only 4 percent of passwords use more than three character types (uppercase, lowercase, numbers). Likewise, less than 1 percent of passwords use non-alphanumeric characters. Furthermore, the expert found that a majority of people are relaxed when it comes to reuse: the analysis reveals that a vast majority even reuse their passwords on other websites.

To see how rampant password reuse is, Hunt looked at data from two independent Sony locations within the organization that was released by LulzSec. He found that they contained over 2,000 identical email addresses, meaning that people had registered on both databases and were simply reusing the same password on multiple Sony websites. This indicates the use of an unintelligent password reset software or a complete lack of it.

Regarding randomness, Hunt did some analysis on the Gawker database and discovered that there are 25 identical passwords used by different people. These include seinfeld, password, winner, 123456, purple, sweeps, contest, princess, maggie, 9452, peanut, shadow, ginger, michael, buster, sunshine, tigger, cookie, george, summer, taylor, bosco, abc123, ashley, bailey. However, they accounted for only 2.5 percent of all passwords, while 80 percent of passwords only occurred once.

Some choices, however, are better than others. For example, Hunt uncovered that 36 percent of passwords used come from dictionaries. Finally, the Microsoft MVP was happy to find that there were some who chose relatively unique passwords.

In his blog, Hunt said that when an entire database is compromised and all the passwords are just sitting there in plain text, the only thing saving customers of the service is their password uniqueness and ultimately password reset software.
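The measurements reported above (length, character types, non-alphanumeric use, dictionary words, and reuse across two databases keyed by email address) can be run as an audit over a site's own credential data. The following is an added example, not code from Hunt's analysis or from the original article; the sample accounts, the tiny word list and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data (email -> plaintext password), not from any breach.
SITE_A = {
    "ann@example.com": "seinfeld",
    "bob@example.com": "abc123",
    "cat@example.com": "Tr4il!Mix-2011",
    "dan@example.com": "purple",
    "eve@example.com": "Sunshine9",
}
SITE_B = {
    "ann@example.com": "seinfeld",
    "bob@example.com": "abc1234",
    "cat@example.com": "q7#Vd2pL",
    "zed@example.com": "winner",
}
WORDLIST = {"seinfeld", "purple", "winner", "sunshine"}  # stand-in dictionary


def char_classes(pw):
    """Count character types present: lowercase, uppercase, digit, other."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def audit(passwords, wordlist):
    """Return the fraction of passwords matching each weakness metric."""
    n = len(passwords)
    return {
        "under_8_chars": sum(len(p) < 8 for p in passwords) / n,
        "non_alphanumeric": sum(any(not c.isalnum() for c in p)
                                for p in passwords) / n,
        "in_dictionary": sum(p.lower() in wordlist for p in passwords) / n,
        # How many passwords use 1, 2, 3 or 4 character types.
        "type_counts": Counter(char_classes(p) for p in passwords),
    }


def reuse(db_a, db_b):
    """Return (accounts present in both databases, those reusing a password)."""
    shared = db_a.keys() & db_b.keys()
    same = sum(db_a[e] == db_b[e] for e in shared)
    return len(shared), same


if __name__ == "__main__":
    print(audit(list(SITE_A.values()), WORDLIST))
    print(reuse(SITE_A, SITE_B))
```

The reuse check compares exact matches only, so a near-duplicate such as abc123 and abc1234 is not counted.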


Ashok Bindra is a veteran writer and editor with more than 25 years of editorial experience covering RF/wireless technologies, semiconductors and power electronics.

Edited by Jamie Epstein