Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 22 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Research Reveals ‘Password’ Still the Most Common Term Used by Hackers to Breach Enterprise Networks

Password management and user authentication solutions provider Specops Software has today announced the release of its annual Weak Password Report which analysed over 800 million breached passwords and suggests that passwords continue to be a weak spot in an organisation's network. 

by Guru Writer
March 8, 2023
in Featured, Features
Blue logo, capitalised letters. SPECOPS.
Share on FacebookShare on Twitter

Password management and user authentication solutions provider Specops Software has today announced the release of its annual Weak Password Report which analysed over 800 million breached passwords and suggests that passwords continue to be a weak spot in an organisation’s network.

The study found 88% of passwords used in successful attacks consisted of 12 characters or less, with the most common being 8 characters (24%).  The most common base terms used in passwords were: ‘password’, ‘admin’, ‘welcome’ and ‘[email protected]’. Passwords containing only lowercase letters were the most common character combination found, making up 18.82% of passwords used in attacks.

Ironically, the study revealed that 83% of compromised passwords did satisfy both length and complexity requirements of cybersecurity compliance standards such as NIST, PCI, ICO for GDPR, HITRUST for HIPAA and Cyber Essentials for NCSC. 

“This shows that while organisations are making concerted efforts to follow password best practices and industry standards, more needs to be done to ensure passwords are strong and unique,” said Darren James, Product Manager at Specops Software. “With the sophistication of modern password attacks, additional security measures are always required to protect access to sensitive data.”

Furthermore, brute force attacks are a common tactic used by cybercriminals to gain access into an organisation’s network to steal sensitive data. Threat actors will use common, probable, and even breached passwords to systematically run them against a user’s email to gain access to a given account. For example, the Specops researchers also noticed the inclusion of ‘homelesspa’ – a password term found in 2016 MySpace data leak, proving that ‘old’, breached password terms are still being leveraged by hackers many years later. This is a critical reason why organizations need strong password policy enforcement.

The research was largely compiled through analysis of 800 million breached passwords, a subset of the 3 billion unique passwords in Specops Breached Password Protection.

Real-world example: Nvidia

In Nvidia’s data breach in 2022, where thousands of employee passwords were leaked, many employees had used passwords such as ‘Nvidia’, ‘qwerty’ and ‘nvidia3d’. Having passwords related to the organisation is an easy route for hackers into the network.  Despite industry warnings against easily guessable passwords, users are still resorting to common passwords.

“The 2023 edition of the Weak Password Report reiterates the ongoing challenges of securing the weakest link in the enterprise IT environment,” said James. “To stay on top of today’s credential attacks, all companies should put strong password policy enforcement in place, including custom dictionaries related to the organisation.”

Password Protection Best Practices

Three key enforcement measures recommended by Specops are:

  • For most business, this starts with protecting Active Directory, the universal authentication solution for Windows domain networks. 
  • Default password policy settings in Active Directory do not go far enough. Third-party password security software can strengthen Active Directory accounts. 
  • Look for a solution that can block the use of compromised passwords and commonly used terms with custom dictionaries.

For more information about the research, check out the full data and analysis here.

 

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

International Women’s Day: Only One Fifth of Cybersecurity Leadership Roles filled by Women

Next Post

Gearing up for UK Cyber Week: Helping businesses fight back against cyber crime

Recent News

security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023
TikTok to be banned from UK Government Phones

TikTok to be banned from UK Government Phones

March 17, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information