Hackers Bypass Weak Organization Passwords with Ease

Hackers Bypass Weak Organization Passwords with Ease

By Greg Tavarez

Even with other forms of authentication such as biometric and multi-factor authentication, passwords are still relevant and remain the most widely used form of authentication. Strong passwords are an effective tool in protecting personal data. “Strong” is the keyword here, however, and most people do not use passwords that would fall under that “strong” category.

In fact, a Specops Software study found 88% of passwords used in successful attacks consisted of 12 characters or less, with the most common being eight characters.

Specops used Nvidia’s 2022 data breach as an example. In the breach, where thousands of employee passwords were leaked, many employees had used passwords such as “Nvidia,” “qwerty” and “nvidia3d.” Outside of Nvidia, other common base terms used in general passwords were “password” “admin,” “welcome” and “p@ssw0rd.”

It’s baffling to see these types of passwords used as a would-be defense against hackers. No wonder hackers bypass passwords related to the organization with ease. And users will likely continue to resort to these common passwords even with warnings passed on to them as well as end-user security training.

Funny enough, depending on how it is looked at, strong passwords that are compliant with NIST, PCI, ICO for GDPR, HITRUST for HIPAA and Cyber Essentials for NCSC standards contributed to 83% of compromised passwords. (Maybe the compliance standards need to be revisited?) Especially if what they call “strong” passwords still need to be used in conjunction with other security measures and good security practices to ensure that account and personal data are safe.

As for security teams, they naturally feel left in the dark, especially the more end users they have.

To protect corporate data, organizations need to protect Active Directory, the universal authentication solution for Windows domain networks. Protecting Active Directory is effectively accomplished by using third-party password security software to strengthen Active Directory accounts. Organizations need to look for a solution that blocks the use of compromised passwords and commonly used terms with custom dictionaries.

“While organizations are making concerted efforts to follow password best practices and industry standards, more needs to be done to ensure passwords are strong and unique,” said Darren James, Product Manager at Specops Software. “With the sophistication of modern password attacks, additional security measures are always required to protect access to sensitive data. Companies should put strong password policy enforcement in place, including custom dictionaries related to the organization.”




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

Real Estate Forecast 2025: Emerging Developments and Market Shifts

By: Contributing Writer    7/1/2025

Buying or selling property can be challenging. Rising mortgage rates and fluctuating home prices leave many uncertain about their next move. Business …

Read More

Protecting Business Assets with Smarter Security Frameworks

By: Contributing Writer    7/1/2025

Protecting your business is more challenging than ever. Cyber threats are increasing every day. Hackers target small and large businesses alike, searc…

Read More

Reimagining Public Transportation in the Era of Smart Mobility

By: Contributing Writer    7/1/2025

Public transportation can be frustrating. Buses stuck in traffic, late trains, and hard-to-navigate systems often leave people stressed or stranded. M…

Read More

SonicWall Powers Secure Access for Missouri MSP, Improving Cybersecurity and Network Access for Clients

By: Erik Linask    6/27/2025

With SonicWall, Stronghold Data delivers a modern, secure remote access solution that ensures access to networks and resources and improves cybersecur…

Read More

Guardz Unleashes AI-Driven ITDR to Combat Escalating Identity-Based Threats

By: Erik Linask    6/26/2025

The launch of Identity Threat Detection and Response (ITDR) gives MSPs the tools to defend SMBs against increasingly sophisticated attacks targeting u…

Read More