Security News > 2022 > May > Everything We Learned From the LAPSUS$ Attacks
Some of these passwords were common words, which are extremely susceptible to dictionary attacks.
Setting up a password policy that requires lengthy and complex passwords is a good start, but there is more that companies should be doing.
One key measure that organizations can use to prevent the use of weak passwords is to create a custom dictionary of words or phrases that are not permitted to be used as a part of the password.
Another, even more important way that an organization can prevent the use of weak passwords is to create a policy preventing users from using any password that is known to have been leaked.
If an attacker acquires a password hash they can simply compare the hash to the hash database, quickly revealing the password without having to perform a time-consuming brute force or dictionary-based crack.
Specops Password Policy gives admins the tools that they need in order to ensure that users avoid using weak passwords or passwords that are known to have been compromised.
News URL
https://thehackernews.com/2022/05/everything-we-learned-from-lapsus.html