Hackers Bypass Weak Organization Passwords with Ease

Hackers Bypass Weak Organization Passwords with Ease

By Greg Tavarez

Even with other forms of authentication such as biometric and multi-factor authentication, passwords are still relevant and remain the most widely used form of authentication. Strong passwords are an effective tool in protecting personal data. “Strong” is the keyword here, however, and most people do not use passwords that would fall under that “strong” category.

In fact, a Specops Software study found 88% of passwords used in successful attacks consisted of 12 characters or less, with the most common being eight characters.

Specops used Nvidia’s 2022 data breach as an example. In the breach, where thousands of employee passwords were leaked, many employees had used passwords such as “Nvidia,” “qwerty” and “nvidia3d.” Outside of Nvidia, other common base terms used in general passwords were “password” “admin,” “welcome” and “[email protected]

It’s baffling to see these types of passwords used as a would-be defense against hackers. No wonder hackers bypass passwords related to the organization with ease. And users will likely continue to resort to these common passwords even with warnings passed on to them as well as end-user security training.

Funny enough, depending on how it is looked at, strong passwords that are compliant with NIST, PCI, ICO for GDPR, HITRUST for HIPAA and Cyber Essentials for NCSC standards contributed to 83% of compromised passwords. (Maybe the compliance standards need to be revisited?) Especially if what they call “strong” passwords still need to be used in conjunction with other security measures and good security practices to ensure that account and personal data are safe.

As for security teams, they naturally feel left in the dark, especially the more end users they have.

To protect corporate data, organizations need to protect Active Directory, the universal authentication solution for Windows domain networks. Protecting Active Directory is effectively accomplished by using third-party password security software to strengthen Active Directory accounts. Organizations need to look for a solution that blocks the use of compromised passwords and commonly used terms with custom dictionaries.

“While organizations are making concerted efforts to follow password best practices and industry standards, more needs to be done to ensure passwords are strong and unique,” said Darren James, Product Manager at Specops Software. “With the sophistication of modern password attacks, additional security measures are always required to protect access to sensitive data. Companies should put strong password policy enforcement in place, including custom dictionaries related to the organization.”

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

Mutare Brings Together Cybersecurity Community to Raise Vishing Awareness

By: Greg Tavarez    3/28/2023

Mutare is collaborating with government agencies, business coalitions and private industry in an educational campaign to raise awareness of the risks …

Read More

Only 15% of Organizations Deemed Mature Enough to Defend Against Cybersecurity Risks

By: Greg Tavarez    3/28/2023

Fifteen percent of organizations globally have the maturity level of readiness needed to be resilient against today's modern cybersecurity risks, acco…

Read More

Opti9 Offerings Strengthen Veeam Customers' Security Stacks

By: Greg Tavarez    3/28/2023

Opti9 introduced its standalone offerings for Veeam, which are managed services for Veeam Software and its AI-based ransomware detection and remediati…

Read More

How Businesses are Navigating Migrations and Marketplace Shifts

By: Alex Passett    3/28/2023

Westcon-Comstor recently published a report that explored challenges found amongst shifting subscription and recurring revenue models for businesses.

Read More

Cybersecurity Essentials: BSA Expands Managed Security Solutions

By: Alex Passett    3/24/2023

Bridge Security Advisors (BSA) has announced an addition to its Essential Security Solution (ESS): the Managed Security Solution (MSS) offering.

Read More