Nearly two years ago, Imperva's ADC published a detailed analysis of 32 million breached passwords in our report Consumer Password Worst Practices.  Today, Tsvika Klein from Imperva's ADC published a "sequel", Enterprise Password Worst Practices.  The report is available here (no registration required).  

Our first report was aimed at consumers.  This second is aimed at the IT geeks who manage the technical infrastructure to safeguard passwords.

Our contention:  Instead of consumers, we believe responsibility rests on enterprises to put in place proper password security policies and procedures as a part of a comprehensive data security discipline. Passwords should be viewed by security teams as highly valuable data.  We hope this paper guides enterprises to rectify poor password management practices.

The reports details:

• How hackers bypass security controls to protect passwords.
• Popular, key online resources hackers employ, including one website containing 50 billion possible password permutations.
• Key steps that Imperva recommends IT teams within enterprises undertake in order to mitigate password breaches