Thanks to Reqiuem who posted this link on the forum.
The most interesting thing is how incredibly limited the range of passwords is. With enough time, it would be very easy to crack these accounts. As the author notes, even when the security system forces people to be at least a little more security conscious, they take the path of least resistance and, in the example of Myspace, tack a “1” on the end of their usual password.
Obviously it would be very hard to get this data, but I’d be fascinated to see how this sort of information correlates with that for important passwords, like those which allow access to emails or online stores or banks. I’d be willing to bet many of the passwords are very similar, and could easily be found out with minimal data-mining of an intended target.
Bruce Schneier once wrote a brilliantly funny, yet sadly true, article about the security mindset vs the normal human mindset. As I recall, his main point was that the security-minded person looks at a system and thinks “how can I abuse that?”, whereas the normal person tends to use the system in the correct way and context, without paying much attention to how the system could be subverted or turned to other ends. That is certainly part of it. I also think it’s because people are used to seeing a computer as their personal possession, and everything on it as an extension of that. Yet the internet is very much a shared space, which all sorts of characters can and do use. But because people feel they own their computer, they feel free to take only minimal security precautions, more as ritual and formality than with any mind to actually defending accounts against possible intrusion.
I’ve often stated critical thinking should be on every school curriculum, but now I’m starting to wonder if perhaps Security 101 shouldn’t be added to that list as well…