Originally Posted by kitten
Cool mines not in the top 500. If they are supposed to be secret how do you do a top 500 anyway
Hack them using a brute force attack then analyse what people actually used.
I think the "bigger" problem is people who use the same password and email address everywhere. So if you are firstname.lastname@example.org
and use even a very secure password on every site then if you register at www.myhonestlookingsite.com
you rely on "me" keeping your details secret and not telling anyone. I'd guess for a large proportion of the population if myhonestlookingsite.com actually is not so honest then I have your credentials for paypal, hotmail, facebook, amazon, ebay etc... if I get your email account open then I can probably get most other username / password reminders send to me!