“123456” and “password” continue to be the most commonly used passwords, when will people learn?
Here is a list of the top 25 most common passwords of 2016.
Your policy may not allow weak passwords such as 123456 or password, but even if the password complexity requirement is enabled in the standard Windows Password Policy, users can still create insecure passwords such as such as Password123, Company2015, January1 and LetMeIn2015.
Microsoft MVP and software architect Troy Hunt famously said: “The only secure password is the one you can’t remember.” While it may be true, there are still things you can do to increase password security. Neal O’Farrell, executive director of The Identity Theft Council suggests that you use passphrases instead of passwords to create easy to remember but hard to hack passwords. A passphrase is a short sentence that’s easy for you to remember but that a hacker would have a very hard time guessing. He said “The phrase could be something like “I graduated from Notre Dame University on June 1st 2002.” Pick the first letter from every word in that phrase, making sure you include the upper and lower case, and keep all the numbers. That would give you the following password: “IgfNDUoJ1st2002” That’s a massive 15 characters and includes upper and lower case letters and numbers. Change the “I” to the symbol “!” and now you’ve made it even harder to crack.”
With the new capability to support passphrases, Specops Password Policy gives administrators the flexibility to not force complexity requirements when a password is more than a minimum character length, for example 20 characters. When you allow users to create passwords like this, I like my n@w shiny car!!, it’s longer than any traditional password and it’s extremely easy to remember. Security is enhanced without compromising usability. To further strengthen your password policy, you can disallow user names, display names, incremental passwords and even the entire dictionary list.
(Last updated on October 30, 2023)
A strong password is long and complex. Adding spaces, upper case, and special characters make it harder to crack. But if you take user behavior into consideration, it is unrealistic to expect them to create and remember long passwords made up of random characters. Most users use dictionary words as the root to their complex…Read More
Mark Zuckerberg’s password was hacked earlier this month. Not only did he use a simple password – dadada, but he also reused it across different services. Why should this make you worry? Because Zuckerberg’s negligence reflects current password norms that your employees have made a habit out of, including: Using the same password whenever possible;…Read More
For a few weeks now we have been running a contest for SpiceHeads, IT professionals who use Spiceworks and thereby are official curators of all things Spicy. The inspiration for the contest came after attending several local SpiceCorps meetups, and hosting our very own meetup in our Toronto office. The meetups not only bring the…Read More