More Password Attacks

A staggering 85 million newly compromised passwords are now in the hands of cybercriminals, fueling ongoing attacks and exposing a critical vulnerability: even IT professionals, often considered the gatekeepers of security, are failing to implement basic password hygiene, particularly for internal systems. This revelation highlights a dangerous misconception that "internal" equates to "safe."

​

​While the industry pushes for advanced authentication methods like passkeys, the reality remains that passwords are still the dominant access point. And, shockingly, even those who should know better are making elementary mistakes. The latest data reveals a disturbing trend: a disregard for strong passwords within corporate networks, leaving them wide open to attack.

The Spec-ops report, which added 85 million compromised passwords to its database on March 18, paints a grim picture. It's not just external-facing services that are under attack; internal Remote Desktop Protocol (RDP) ports, used for remote access and server management, are being targeted with alarming ease.

The most common passwords used in these attacks? A litany of security nightmares: 123456, 1234, Password1, and variations thereof. This indicates a systemic failure to enforce basic password policies, even within the supposedly secure confines of corporate networks.

The implication is clear: even IT professionals, responsible for safeguarding these systems, are either using or allowing the use of incredibly weak passwords. The false sense of security associated with internal systems – the belief that they are somehow less vulnerable – is a dangerous fallacy.

So no matter who you are, regardless of what device or system you’re using, take password hygiene seriously and use passkeys if you can.

Ep311

Image created by AI