Passwords are still the key to protecting our most private information, from email accounts to online banking, but these results indicate that simply following password best practices is not enough. to protect accounts.
March 08, 2022
Password attacks are on the rise. Theft of user credentials, including name, email and password, was the most common root cause of breaches in 2021 with several high-profile and disruptive attacks in the past two years on SolarWinds, Colonial Pipeline and others made possible by hackers stealing a single password. New data released today by Specops Software, the leading provider of password management and authentication solutions, shows that setting strong passwords may not be enough in an increasingly volatile cybersecurity landscape .
In its first annual weak password report, Specops analyzed 800 million breached passwords, a subset of the more than 2 billion breached passwords in Specops Breached Password Protection, to identify current trends. in password security. The researchers also assessed both the human and technical side of why passwords are the weakest link in an organization’s network, looking at trends such as themes and password reuse. , and how hackers have adjusted their tactics to keep up with changing password requirements.
The results show that the problem is not as simple as users who resort to easy-to-remember credentials like “password12345”. In fact, even passwords that follow typical length and special character guidelines remain vulnerable to attack.
Key findings include:
- 93% of passwords used in brute force attacks include 8 or more characters
- 41% of passwords used in real attacks are 12 or more characters long
- 68% of passwords used in real attacks include at least two character types
- 48% of organizations do not have user verification in place for calls to IT service desks
- 54% of organizations don’t have a tool to manage work passwords
“Passwords are still the key to protecting our most private information, from email accounts to online banking, but these results indicate that simply following password best practices is not enough. not to protect accounts,” said Darren James, internal IT manager at Specops Software. “With some of the most high-profile cybersecurity incidents of the past two years involving passwords, it is imperative that organizations implement password policies to block weak or breached passwords and use security methods. additional authentication to ensure the security of sensitive business data and accounts.”
Holistic password hygiene needs to be better prioritized, from the executive level to people working from home. It’s critical that businesses take action by blocking weak and compromised passwords, enforcing password length requirements, implementing service desk user verification, and auditing the IT environment. company to highlight password-related vulnerabilities.
For additional data and security tips, visit specopssoftware.com or download the report here.
The research in this report was compiled through proprietary surveys and data analysis of 800 million breached passwords, a subset of the over 2 billion breached passwords on the Specops Breached List. Password Protection.
About Specops Software
Specops Software, an Outpost24 company, is the leading provider of password management and authentication solutions. Specops protects your company’s data by blocking weak passwords and securing user authentication. With a comprehensive portfolio of solutions natively integrated with Active Directory, Specops ensures that sensitive data is stored on-premises and under your control. Every day, thousands of organizations use Specops software to protect corporate data.
Share the article on social networks or by e-mail: