"sp" at OpenRCE has written a very interesting analysis of the passwords chosen by about 45,000 MySpace users. Apparently, these passwords were found somewhere on the Internet, presumably the results of some sort of phishing attack. This analysis mirrors one done by Bruce Schneier for Wired about a year ago. It might be interesting to compare the two, however, it is more important to point out a huge flaw in both analyses – they purport to measure "strength" of passwords, and yet every single password in this instance is equally strong. That is, every password in this case is equally susceptible to inappropriate use, whether it happens to be "password" or "pqhw43n!#510,88CAap8neoxpo!$58".
This Is Why You Need Adaptive Access Control
Yet another article talking about how easy passwords can be cracked.