While phishing for credentials is a top cyber attack vector, many threat actors do not need to rely on phishing because password guessing is so easy. Threat intelligence firm Flashpoint took a deep dive into its collection of over 35 billion compromised credentials and, unsurprisingly, found one overriding pattern: people are predictable.
After slicing and dicing the top 10,000 bad passwords, Flashpoint observed:
- The top 450 most repeated passwords included keyboard patterns, number strings, and first names.
- The next most common types of passwords consisted of single dictionary words, patterns including sports references, site names, and variations on the word password.
- Over 96% of the top 10,000 most reused passwords were fewer than 12 characters long.
While the findings themselves are commonly published and unsurprising, it is astonishing that even a pool of more than 35 billion credentials yields the same perpetual password pitfalls. Furthermore, because we tend to procrastinate about changing our passwords, threat actors get a lot of success out of just one cache of compromised credentials; quite honestly, if you've seen one, you've seen them all. Not only are passwords predictable and persistent, but widespread password reuse only perpetuates the problem.

Read the post at Flashpoint