According to a report recently released by database security vendor Imperva Inc., most Internet users still choose short, ‘weak’ passwords for their online accounts, making it fairly easy for hackers to access those accounts.
The report, which highlights the need for IT administrators to implement strong password policies on enterprise applications and systems, was based on a comprehensive analysis of the 32 million passwords that were exposed by hackers after they compromised the customer database of RockYou – the Redwood City, California-based social Web content distribution provider – in December 2009.
According to the Imperva analysis, nearly 30 percent of the hacked RockYou passwords had six or fewer characters, while almost 60 percent of the passwords were created from a limited set of alphanumeric characters. Almost one-half of the users had easily ‘guessable’ names or commonly used slang words as their passwords, or had used consecutive numbers and adjacent keyboard keys.
The most common password among the RockYou users was ‘123456’, which had been used in as many as 290,731 accounts, followed by ‘12345’ in 78,078 accounts, ‘123456789’ in 76,790 accounts, ‘password’ in 61,958 accounts, and ‘iloveyou’ in 51,622 accounts.
Furthermore, Amichai Shulman, Imperva’s chief technology officer, noted that most of the top 5,000 passwords in the hacked RockYou list matched those found in password dictionaries that are used by hackers to break into users’ accounts.
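As an added illustration (not part of the Imperva report or of this article's original text), the Python sketch below shows how a password policy check could flag the weakness classes the report names: short length, a limited character set, common passwords, consecutive characters and adjacent keyboard keys. The function names, the thresholds and the reading of "limited set" as lowercase letters and digits only are assumptions, and the common-password set holds only the five passwords quoted above.

```python
import string

# The five most common RockYou passwords quoted in the article; a real
# deployment would load a full breached-password dictionary instead.
COMMON = {"123456", "12345", "123456789", "password", "iloveyou"}
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Assumed reading of "limited set of alphanumeric characters".
LIMITED = set(string.ascii_lowercase + string.digits)

def longest_run(pw, step_ok):
    """Length of the longest stretch in which every adjacent pair passes step_ok."""
    best = cur = 1 if pw else 0
    for a, b in zip(pw, pw[1:]):
        cur = cur + 1 if step_ok(a, b) else 1
        best = max(best, cur)
    return best

def consecutive(a, b):
    # Neighbouring digits or letters in either direction, e.g. "45" or "cb".
    return (a.isalnum() and b.isalnum() and a.isdigit() == b.isdigit()
            and abs(ord(a) - ord(b)) == 1)

def key_adjacent(a, b):
    # Neighbouring keys on the same QWERTY row, in either direction.
    return any(a in row and b in row and abs(row.find(a) - row.find(b)) == 1
               for row in QWERTY_ROWS)

def audit_password(pw, min_len=7, run_len=4):
    """Return the weakness classes (hypothetical labels) that pw falls into."""
    low = pw.lower()
    findings = []
    if len(pw) < min_len:
        findings.append("short")            # six or fewer characters
    if set(pw) <= LIMITED:
        findings.append("limited_charset")  # no uppercase, no symbols
    if low in COMMON:
        findings.append("common")           # appears in the top-password list
    if longest_run(low, consecutive) >= run_len:
        findings.append("sequence")         # e.g. "1234", "abcd"
    if longest_run(low, key_adjacent) >= run_len:
        findings.append("keyboard_walk")    # e.g. "qwer", "asdf"
    return findings

if __name__ == "__main__":
    # Constructed sample inputs: three weak choices and one that passes.
    for candidate in ("123456", "qwerty", "iloveyou", "Tr4ck&Field-92"):
        print(f"{candidate!r}: {audit_password(candidate) or 'no findings'}")
```

A check like this belongs at password-set time, where an empty result means none of these classes matched, not that the password is strong.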












