2023 Specops Weak Password Report
Passwords are easy to attack because people use easy-to-guess passwords. These passwords are guessable because people reuse passwords and follow common patterns and themes. These passwords then end up on breached lists and can be attacked via brute force and password spraying.
Understanding common password patterns and user behaviours is the first step in securing passwords and the critical business data they protect.
83% of compromised passwords satisfy the password length and complexity requirements of regulatory password standards.
88% of passwords used to attack RDP ports in live attacks are 12 characters or less.
18.82% of 4.6 million passwords used in live attacks to RDP ports contain only lowercase letters.