Specops Software

Keyboard walks such as ‘qwerty’ are weak passwords used by millions of end users.

88% of organisations still use passwords as their primary method of authentication.

31.1 million breached passwords were over 16 characters in length.

83% of compromised passwords satisfied the length and complexity requirements of regulatory password standards.

Only 12% of organisations have moved away from using passwords as their primary method of authentication.

Simple passwords like Pass@123 and P@ssw0rd, which meet basic Active Directory requirements, are frequently used, increasing the risk of password reuse.

The most commonly used keyboard walk pattern was “Qwerty,” which appeared over 1 million times in a list of compromised passwords.

45% of organisations who only check for compromised passwords during expiry or reset events average only two checks for compromised passwords per year.

Organisations using SaaS apps have an average of 47,750 passwords to manage.

Over 31 million of the breached passwords were over 16 characters in length.

Only 50% of organisations scan for compromised passwords more than once a month.

The most common base terms used in breached passwords were “password”, “admin”, and “welcome”.

53% of people admit to using the same password across multiple accounts.

The most common length for compromised passwords was 8 characters (212.5 million total).

123456 was the most common compromised password found in a new list of breached cloud application credentials.

After analysing 1.8 million breached administrator credentials, 40,000 admin portal accounts were found to be using ‘admin’ as a password.

Requiring an Active Directory password length of at least 13 characters would significantly reduce the risk of cloud application password reuse.