The top five findings in the 2022 Weak Password Report from Specops Software highlight the things organizations need to consider when using password protection.
The findings include the fact that password length does not guarantee password safety, a password is often seasonal or influenced by pop culture, password complexity does not prevent credential theft, password overload is a big problem, and lastly, organizations could do more in keeping passwords safe.
Longer passwords do not guarantee password safety. This was reflected in the 2022 Weak Password Report showed that 93% of the passwords that were used in brute force attacks included at least eight characters.
This is possible since attackers have lookup tables of leaked password databases that can be used to reveal a password based on its harsh.
The report showed that passwords are often seasonal and are influenced by pop culture. 42% of seasonal passwords contained the word “summer.” Baseball season is also reflected heavily in the report.
Password complexity does not prevent credential theft. The report showed that 68% of the passwords used in real attacks included at least two different types of characters.