I remember running a security audit against one of our domains when I was in the military. We ran some utilities against the domain controllers and put together a list of the user’s passwords, and then used them in a presentation about security for the users. They were shocked when we put up the list. Here’s a list of 500 of the most common passwords (*Caution, some of these are obscene*)- if you see any of your passwords here immediately change them. They’re well known and the hackers start with this list. If you didn’t see your list and would like to check a password, try this password checker.