How good are our passwords?

Wired News (which I read assiduously) had a pretty interesting article in their “Security Matters” section recently that talked about an analysis done of MySpace account passwords (“MySpace Passwords Aren’t So Dumb“). It makes for a pretty interesting read, so check it out. While you are at it, check out whether you have a password that falls into the list of “most common passwords”. Particularly interesting to me was the following statement:

Another password study in November looked at 200 corporate employee passwords: 20 percent letters only, 78 percent alphanumeric, 2.1 percent with non-alphanumeric characters, and a 7.8-character average length. Better than 15 years ago, but not as good as MySpace users. Kids really are the future.

Makes you think, doesn’t it? Why is it that corporate passwords are easier than the passwords teens are using to protect their MySpace accounts? Does it point to the perceived value of these accounts to their owners, the lack of a sense of ownership, or the same old issue of “too many passwords”?

It would be interesting to see if there is a similar study on the complexity of SSO passwords. Let me know if you happen to come across one.