Your password: separating the weak from the strong
You are probably familiar with the basics of password security: Complexity is a necessity; and length equals strength. If you have a social media or email account, chances are your password meets their minimum length and/or complexity requirements. But, with data breaches and security flaws a regular occurrence in our digital lives, doing the bare minimum isn’t good enough. So, like any cryptic-minded individual, you’ve spiced up your password, perhaps you have:
- Added a string of numbers to the end of your password?
- Created a super long password with a famous quote from your favorite movie?
- Substituted the characters from your favorite password – Pa$$w0rd? Surely, no one has thought of that one before.
Many passwords appear strong, but conform to predictable patterns. They may meet, and even exceed, the length and character type requirements of a strong password, yet their predictable patterns have landed them in password dictionaries, making them easy targets for hackers.
A dictionary attack is a method of breaking into a system by entering every word, from a database of commonly used words, as a password. Since a computer is used to systematically enter each word, the attack can go very quickly. The dictionary is not necessarily limited to common names and words. Attackers can use different dictionaries, such as foreign words, phonetic patterns, in addition to lists from data breaches such as LinkedIn, Gawker, and Adobe. This means that even if you created a super complex password, such as WYH@19950329$wyh, the password will not be secure if it appears on a password list, which in this case, it does.
With the right tools, your IT department can reject the use of passwords found on such lists. Specops Password Policy allows administrators to create their own custom dictionary, or block the use of over 4 billion known breached passwords with Specops Breached Password Protection. In response to recent data breaches, Microsoft is also clamping down on common passwords, banning their use within Microsoft Accounts and Azure AD services.
Find out how many of your Active Directory passwords are known breached passwords with a free read-only scan with Specops Password Auditor.
(Last updated on October 30, 2023)
Here is a list of the top 25 most common passwords of 2016. Your policy may not allow weak passwords such as 123456 or password, but even if the password complexity requirement is enabled in the standard Windows Password Policy, users can still create insecure passwords such as such as Password123, Company2015, January1 and LetMeIn2015….Read More