The top 10 password attacks and how to stop them
2022-04-14 14:00

Prevention steps: password length/passphrases greater than 20 characters, blocking incremental/common patterns, breached password protection, a custom dictionary, and MFA. A dictionary attack was used on January 4th, 2009 by a hacker known only as GMZ to compromise an administrator account and then change the passwords of famous accounts, including those of President-elect Barack Obama, Britney Spears, and others.
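The prevention steps above, other than MFA, can be enforced together at password-change time. The following is an added example, not code from the article or from Specops; the dictionary words, the breached hash set and the function names are constructed assumptions.

```python
import hashlib
import re

MIN_LENGTH = 21  # "greater than 20 characters"

# Constructed sample data (assumptions for this example, not from the article).
CUSTOM_DICTIONARY = {"contoso", "seattle", "welcome"}  # org, location, common words
BREACHED_SHA1 = {  # stands in for a breached-password hash list
    hashlib.sha1(b"correct horse battery staple").hexdigest(),
}
LEET = str.maketrans("@4310$57!", "aaeiossti")  # undo common character swaps


def fold(pw):
    """Lower-case, reverse leetspeak, keep letters only (W3lc0me! -> welcomei)."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def core(pw):
    """Strip leading/trailing digits and symbols (Summer2022! -> summer)."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())


def check_password(new, old=None):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    # Incremental pattern: same base word, only the counter or suffix changed.
    if old is not None and core(new) and core(new) == core(old):
        problems.append("incremental_change")
    # Custom dictionary: match after folding so C0nt0s0 is caught like contoso.
    folded = fold(new)
    if any(word in folded for word in CUSTOM_DICTIONARY):
        problems.append("custom_dictionary_word")
    # Breached password protection: compare the hash against the known-leaked set.
    if hashlib.sha1(new.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("breached")
    return problems


if __name__ == "__main__":
    print(check_password("Summer2022!", old="Summer2021!"))
    print(check_password("W3lc0me-to-the-jungle-2022"))
    print(check_password("lantern orbit velvet canyon mist", old="Summer2021!"))
```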

A password reset attack is a classic social engineering technique: to gain access to a network, the attacker calls the service desk, pretends to be someone else, and requests a new password.

Prevention: verification/MFA at the help desk, awareness training, self-service password reset with MFA. The password reset MitM attack is very simple and effective, as shown by several studies.

Gain visibility into your top password risks with Specops Password Auditor.

Specops Password Auditor is a free password audit tool that scans your Active Directory environment to identify password-related vulnerabilities and audit your existing password policies against common regulatory compliance recommendations.

Recently, Specops has included a Password Age report as part of Specops Password Auditor so IT admins can effectively see the age of passwords in their environments.


News URL

https://www.bleepingcomputer.com/news/security/the-top-10-password-attacks-and-how-to-stop-them/