In a recent study on password management and authentication by Specops Software, 31.1 million of the breached passwords analysed were found to be 16 characters or longer. The finding underlines that length alone does not make a password safe: a long password that has already been leaked, or is reused across accounts, gives an attacker no more trouble than a short one.
The analysis also covered 1.8 million breached administrator credentials, revealing that 40,000 admin portal accounts used the easily guessable term 'admin' as their password. Alarmingly, only 50% of organisations run monthly checks for compromised credentials within their systems, according to the report.
KrakenLab's latest list of breached credentials showed '123456' as the most commonly compromised password. Passwords built on variations of 'pass' or 'password' that barely satisfied Active Directory's default complexity requirements were also found to be prevalent among breached credentials, a reminder that a complexity rule only constrains character classes and says nothing about whether a password is already in an attacker's wordlist.
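The two checks the report is implicitly asking for, a regular scan for compromised credentials and an awareness that AD's complexity rule is not a breach check, can be put side by side in a short script. The following is an added example, not code from the Specops report or the article: it audits a constructed set of accounts against a constructed breached-password list using an HIBP-style k-anonymity prefix lookup (only the first five hex characters of the SHA-1 digest would leave the host), and tests each password against an approximation of Active Directory's default "Password must meet complexity requirements" rule as documented by Microsoft. The account names, passwords and breached list are all made up for illustration, and the complexity check is a simplification, not AD's own implementation.

```python
import hashlib
import re

# Constructed stand-in for a breached-password feed such as the Specops/KrakenLabs
# list. Real feeds are far larger and are usually distributed as SHA-1 (or NTLM)
# digests rather than plaintext. Every entry here is a well-known weak password.
CONSTRUCTED_BREACHED_PLAINTEXTS = [
    "123456", "admin", "password", "Password1", "Pass@word1", "P@ssw0rd",
]
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in CONSTRUCTED_BREACHED_PLAINTEXTS
}

# Index by 5-hex-character prefix, mirroring the k-anonymity range lookup used by
# HIBP-style services: the client sends only the prefix and matches suffixes locally.
RANGE_INDEX = {}
for _digest in BREACHED_SHA1:
    RANGE_INDEX.setdefault(_digest[:5], set()).add(_digest[5:])


def split_sha1(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest of a password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_lookup(prefix):
    """Simulates the server side of a range query: all suffixes sharing this prefix."""
    return RANGE_INDEX.get(prefix, set())


def is_breached(password):
    """True if the password's digest appears in the (constructed) breached feed."""
    prefix, suffix = split_sha1(password)
    return suffix in range_lookup(prefix)


def meets_ad_complexity(password, sam_account_name, display_name="", min_length=7):
    """Approximates AD's default complexity policy (minimum length defaults to 7
    in the Default Domain Policy). Per Microsoft's documentation the password must
    not contain the samAccountName (checked only when it is 3+ characters) or any
    displayName token of 3+ characters (split on , . - _ space # tab), compared
    case-insensitively, and must use at least three of five character categories.
    This is a simplified re-implementation for illustration, not AD's own code."""
    if len(password) < min_length:
        return False
    lowered = password.lower()
    if len(sam_account_name) >= 3 and sam_account_name.lower() in lowered:
        return False
    for token in re.split(r"[,.\-_ #\t]+", display_name):
        if len(token) >= 3 and token.lower() in lowered:
            return False
    categories = (
        any(c.isupper() for c in password),                       # upper-case letters
        any(c.islower() for c in password),                       # lower-case letters
        any(c in "0123456789" for c in password),                 # base-10 digits
        any(not c.isalnum() and not c.isspace() for c in password),  # special characters (approx.)
        any(c.isalpha() and not c.isupper() and not c.islower()   # caseless letters, e.g. CJK
            for c in password),
    )
    return sum(categories) >= 3


def audit(accounts):
    """accounts: iterable of (sam_account_name, display_name, password).
    Returns {sam_account_name: {"complexity": bool, "breached": bool}}."""
    findings = {}
    for sam, display, password in accounts:
        findings[sam] = {
            "complexity": meets_ad_complexity(password, sam, display),
            "breached": is_breached(password),
        }
    return findings


# Constructed sample accounts (not real credentials).
SAMPLE_ACCOUNTS = [
    ("admin",  "IT Admin",   "admin"),        # the 'admin' case from the report
    ("jsmith", "John Smith", "Password1"),    # satisfies AD complexity, yet breached
    ("mjones", "Mary Jones", "Jones2024!"),   # fails complexity: contains display-name token
    ("rlee",   "Rita Lee",   "Tr0ub4dor&3"),  # passes complexity and is not in the feed
]

if __name__ == "__main__":
    for sam, result in audit(SAMPLE_ACCOUNTS).items():
        print(f"{sam:8} complexity={result['complexity']!s:5} breached={result['breached']}")
```

In a real deployment the plaintext is never available: the check runs against the stored hash, which is why feeds are published as NTLM or SHA-1 digests and why the prefix lookup matters for not leaking the hash to a third-party service. The interesting row is jsmith, whose password clears the complexity rule and is still on the list.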
Verizon's report highlights that nearly half of all data breaches involve stolen usernames, passwords and other credentials. This underscores the central role credentials play in cybercrime and feeds a thriving underground market for stolen credentials, personal information and data.
Industries handling sensitive information are urged to prioritise account security by enforcing strong, unique passwords. The report emphasises the risk of password recycling: a password reused across services exposes every one of those accounts as soon as any single one of them is breached.
The report also underscores the importance of securing administrative accounts, which are a goldmine for attackers: a compromised admin account lets an adversary escalate access within an organisation. Those entrusted with sensitive information are strongly advised to use robust passwords.
The report further notes that every account, including ordinary user accounts, is valuable to adversaries; seemingly low-tier accounts can serve as a foothold for reaching higher-value targets within an organisation. The study concludes that while long passwords raise the cost of offline cracking, and do so far more when stored with a slow hash such as bcrypt than with a fast one such as MD5, password reuse sidesteps cracking altogether, since a password leaked from one service can be replayed against another without guessing a single character, and so poses an immediate threat.