Between December 21 and 25, 2011, hackers released more than 100 million users' account information, from China's most popular websites, including usernames, passwords, and emails. As user passwords were not encrypted, the online security crisis has caused prevailing panic among many Internet users in China. On the other hand, this online security disaster also provides researchers priceless data with which to study users' password patterns, especially when comparing those patterns across various relevant websites. Lessons thusly learned can help Chinese online service providers improve their service security in the future. This paper reports the findings from the exploratory study of the datasets from the affected websites with more than 60 million records, including (1) users might choose less secure passwords for their convenience and ease of memorization, though their primary concern is online security; (2) for the same reasons, password reuse is common, as users tend to use the same passwords for multiple online accounts; and (3) passwords usually contain common words, or personal information, such as birthdays and family member names.
Available at: http://works.bepress.com/andy_hung/17/