Get the full story at http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf
32 Million passwords were analyzed at rockyou.com and these were the top 20
To put it a different perspective, if a hacker used the first 116 password on each account, they would break into 5% of the accounts. With the first 5000 passwords tried on each account, they'd break into 20% of the accounts!
For Oracle specific security, password hacking and protection see
Pete Finnigan's site at