How can a simple file containing words found in a dictionary threaten your organization’s security program? In a dictionary attack, the entries of a wordlist are systematically entered as passwords to break into an account. The wordlist, also known as a password list, is created from real-life database leaks – which could include billions of unique records.
Hackers have access to numerous collections of username and password combinations from multiple breaches, including Yahoo!, LinkedIn, Dropbox, and the latest Collection leak. A single breach can open the door to other systems any time a leaked or vulnerable password is reused across accounts.
Hackers are not the only ones who can take advantage of a password dictionary. Organizations can stop the ripple effect by using the same password files to block vulnerable passwords. In practice, this means enforcing a password blacklist for Active Directory that checks new passwords against the same password lists available to hackers. This prevents users from selecting passwords that are susceptible to dictionary attacks.
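The blacklist check described above, as an added example (it is not from the original article and is not any product's Active Directory implementation). The sample wordlist, the function names and the normalization rules are assumptions; the rules go beyond an exact match so that simple variations of a listed password are rejected too.

```python
import re

# Constructed sample standing in for a leaked-password wordlist (one entry per line).
SAMPLE_WORDLIST = """\
password
letmein
qwerty
dragon
sunshine
123456
"""

# Assumed character substitutions that users commonly apply (not from the page).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def load_wordlist(text):
    """Return the set of lower-cased, non-empty wordlist entries."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def candidate_forms(password):
    """Yield the password and simplified forms of it to test against the list."""
    lowered = password.lower()
    # Drop a trailing run of digits/symbols such as "2024!" or "1".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    yield lowered                    # exact match, ignoring case
    yield stripped                   # "sunshine1" -> "sunshine"
    yield lowered.translate(LEET)    # substitutions undone on the full string
    yield stripped.translate(LEET)   # "p@ssw0rd2024!" -> "password"


def check_new_password(password, wordlist):
    """Return (allowed, matched_entry); matched_entry is None when allowed."""
    for form in candidate_forms(password):
        if form and form in wordlist:
            return False, form
    return True, None


if __name__ == "__main__":
    words = load_wordlist(SAMPLE_WORDLIST)
    for pw in ("P@ssw0rd2024!", "Sunshine1", "correct-horse-battery-staple"):
        print(pw, check_new_password(pw, words))
```
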