of compromised passwords satisfy the password length and complexity requirements of regulatory password standards
of passwords used to attack RDP ports in live attacks are 12 characters or less
of 4.6 million passwords used in live attacks to RDP ports contain only lowercase letters
About the Data
Poor password practices are putting businesses at risk. Data breaches continue to be a threat to all types of organizations across the globe, underscoring the importance of greater password security, as a means to protect our business data, as well as our digital ecosystem.
This year’s Weak Password Report highlights why passwords are still the weakest link in an organization’s network, and how stronger password policy enforcement can be your best defense.
The research in this report has been compiled through various methods, including:
- Our analysis of 800 million breached passwords, a subset of the more than 4 billion unique compromised passwords within the Specops Breached Password Protection list.
- Our analysis of passwords found in live attacks on our team’s honeypot network, another source for compromised passwords blocked by the Specops Breached Password Protection list.
The Most Common Base Term used to Attack Networks Across Multiple Ports
The Specops research team looked at passwords being used to attack RDP ports in live attacks and analyzed a subset of over 4.6 million passwords collected over the span of several weeks.
We identified patterns in recent attacks and uncovered that more than 88% of passwords used in attacks were 12 characters or less. The most common password length found in this attack data was 8 characters at almost 24%.
Block Weak Passwords
Block the use of more than 4 billion compromised passwords including those found on known breached lists with Specops Password Policy with Breached Password Protection.
Frequently Asked Questions