Specops Software has released its annual Weak Password Report, which highlights the significance of passwords in an organization's network security. The report analyzed over 800 million breached passwords and found that 88% of passwords used in successful attacks consisted of 12 characters or less. The most common base terms used in passwords were ‘password,’ ‘admin,’ ‘welcome’ and ‘p@ssw0rd’. Surprisingly, 83% of the compromised passwords did meet the length and complexity requirements of cybersecurity compliance standards.
The report revealed that brute force attacks are still a prevalent tactic used by cybercriminals to gain access to an organization's network. The inclusion of breached password terms, such as 'homelesspa,' which was found in the 2016 MySpace data leak, demonstrates the importance of strong password policy enforcement. Nvidia's data breach in 2022 is an example of how using passwords related to the organization is an easy route for hackers to gain access to the network.
To protect corporate data, Specops recommends three key password protection best practices: protecting Active Directory, which is the universal authentication solution for Windows domain networks; strengthening Active Directory accounts with third-party password security software; and using a solution that can block the use of compromised passwords and commonly used terms with custom dictionaries. The report emphasizes the ongoing challenges of securing the weakest link in enterprise IT environments. To enhance password security, organizations should put strong password policy enforcement in place, including custom dictionaries related to the organization, to safeguard their sensitive data.