SplashData published their annual list of the 25 Worst Passwords on the Internet. Here is the list that all IT directors should block from being accepted as logon passwords for websites, networks, computers, etc.
Not taking precautions could result in another sort of list such as the 1.3 million fraud or identity theft complaints that the FTC received in 2010.
There are many other security steps required to protect networks that utilize password-based authentication (see my recent post, “Just How Long Should a Password Be?” for more info).
Switching over to PKI may work for some companies, but it won't work for many others. Or, it may even be a combination of both PKI and passwords using a single credential, like what Access Smart has done with the government’s PIV credential.
The takeaway is to ask why people use these weak passwords. The answer is that they need a better way to manage their passwords that is both convenient and secure.
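One way to enforce the blocking recommended above when a password is set or changed, as an added example that is not part of the original post: the check rejects a denylisted password and its obvious variants (different case, common character substitutions, digits or symbols tacked on the end). The entries in `SAMPLE_DENYLIST` are constructed placeholders, not SplashData's list, and the function names and substitution table are assumptions made for this illustration.

```python
import unicodedata

# Constructed sample entries for illustration only; in practice load the
# full denylist your organisation maintains from a file or database.
SAMPLE_DENYLIST = {"password", "123456", "qwerty", "letmein"}

# Assumed table of common look-alike substitutions, undone before lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Characters users typically append to satisfy complexity rules.
SUFFIX_CHARS = "0123456789!@#$%^&*?."


def candidate_forms(password):
    """Return the normalized forms of a password to test against the denylist."""
    # NFKC folds full-width and other compatibility characters to ASCII forms;
    # casefold removes case differences.
    base = unicodedata.normalize("NFKC", password).strip().casefold()
    stripped = base.rstrip(SUFFIX_CHARS)  # "password1!" -> "password"
    forms = {base, base.translate(LEET), stripped, stripped.translate(LEET)}
    forms.discard("")  # an all-digit password strips to nothing
    return forms


def is_blocked(password, denylist=SAMPLE_DENYLIST):
    """True if the password, or a trivial variant of it, is on the denylist."""
    return any(form in denylist for form in candidate_forms(password))


if __name__ == "__main__":
    for attempt in ["password", "P@ssw0rd", "Qw3rty!", "letmein2024",
                    "123456", "correct horse battery staple"]:
        verdict = "REJECT" if is_blocked(attempt) else "accept"
        print(f"{verdict:6}  {attempt}")
```

Run the check on the server side at enrolment and at every password change, so a client that skips its own validation cannot set a listed password.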