Evaluating Password “Strength”

"sp" at OpenRCE has written a very interesting analysis of the passwords chosen by about 45,000 MySpace users. Apparently, these passwords were found somewhere on the Internet, presumably the result of some sort of phishing attack. This analysis mirrors one done by Bruce Schneier for Wired about a year ago. It might be interesting to compare the two; however, it is more important to point out a huge flaw in both analyses: they purport to measure the "strength" of passwords, and yet every single password in this instance is equally strong. That is, every password in this case is equally susceptible to inappropriate use, whether it happens to be "password" or "pqhw43n!#510,88CAap8neoxpo!$58".

1 comment for “Evaluating Password “Strength””

  1. November 19, 2007 at 6:57 pm

    This Is Why You Need Adaptive Access Control

    Yet another article talking about how easily passwords can be cracked.
