Hackers Bypass Weak Organization Passwords with Ease

Hackers Bypass Weak Organization Passwords with Ease

By Greg Tavarez

Even with other forms of authentication such as biometric and multi-factor authentication, passwords are still relevant and remain the most widely used form of authentication. Strong passwords are an effective tool in protecting personal data. “Strong” is the keyword here, however, and most people do not use passwords that would fall under that “strong” category.

In fact, a Specops Software study found 88% of passwords used in successful attacks consisted of 12 characters or less, with the most common being eight characters.

Specops used Nvidia’s 2022 data breach as an example. In the breach, where thousands of employee passwords were leaked, many employees had used passwords such as “Nvidia,” “qwerty” and “nvidia3d.” Outside of Nvidia, other common base terms used in general passwords were “password” “admin,” “welcome” and “p@ssw0rd.”

It’s baffling to see these types of passwords used as a would-be defense against hackers. No wonder hackers bypass passwords related to the organization with ease. And users will likely continue to resort to these common passwords even with warnings passed on to them as well as end-user security training.

Funny enough, depending on how it is looked at, strong passwords that are compliant with NIST, PCI, ICO for GDPR, HITRUST for HIPAA and Cyber Essentials for NCSC standards contributed to 83% of compromised passwords. (Maybe the compliance standards need to be revisited?) Especially if what they call “strong” passwords still need to be used in conjunction with other security measures and good security practices to ensure that account and personal data are safe.

As for security teams, they naturally feel left in the dark, especially the more end users they have.

To protect corporate data, organizations need to protect Active Directory, the universal authentication solution for Windows domain networks. Protecting Active Directory is effectively accomplished by using third-party password security software to strengthen Active Directory accounts. Organizations need to look for a solution that blocks the use of compromised passwords and commonly used terms with custom dictionaries.

“While organizations are making concerted efforts to follow password best practices and industry standards, more needs to be done to ensure passwords are strong and unique,” said Darren James, Product Manager at Specops Software. “With the sophistication of modern password attacks, additional security measures are always required to protect access to sensitive data. Companies should put strong password policy enforcement in place, including custom dictionaries related to the organization.”




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

Expereo Chosen to Drive Global Connectivity for Carlsberg Group

By: Stefania Viscusi    12/7/2023

Brewery conglomerate Carlsberg Group has chosen intelligent internet company Expereo to help with its digital transformation.

Read More

CrowdStrike Brings AI-Driven Cybersecurity to Amazon Business

By: Stefania Viscusi    12/7/2023

CrowdStrike announced that it has officially launched its AI-powered cybersecurity solution, CrowdStrike Falcon Go, on Amazon Business.

Read More

Sotera SecurePhone, Powered by MetTel, Introduces Ultra-Secure Communication in Government and Enterprise Domains

By: Greg Tavarez    12/7/2023

The Sotera SecurePhone joins a growing, robust line-up of security offerings from MetTel that include a range of network and endpoint-based solutions.

Read More

CyberArk Introduces Enhanced Passkeys Authentication

By: Stefania Viscusi    12/6/2023

Identity security company CyberArk has announced a significant step in enhancing the passwordless authentication experience by introducing new passkey…

Read More

Telstra International's Global Managed Security Solutions Powered Up through Netskope Partnership

By: Greg Tavarez    12/6/2023

The expanded partnership between Telstra International and Netskope lets Telstra provide organizations worldwide with a comprehensive managed solution…

Read More