Lessons Learned from the Windows Remote Desktop Honeypot Report
2023-01-25 15:06

Over several weeks in October of 2022, Specops collected 4.6 million attempted passwords on their honeypot system.

Though the examples given here focused on RDP connections, a honeypot is not limited to that type of connection, and any remote access system, such as SSH, is subject to attacks. What should an organization do to minimize the potential damage?

If an attacker gains access to a password dialog, which the most persistent attackers may do despite all other protections, then having a strong password policy is essential.

Before the password is even created, checking the new password against a breached password list of known stolen credentials ensures that the most common variations are not used.

Specops Password Policy with Breached Password Protection checks your users' passwords and prevents them from choosing a compromised password.
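The breached-password check described above, sketched as an added example (not code from Specops or the original article): a new password is rejected if it, or a de-decorated form of it, appears in a breached list. The sample list, the substitution table, the trailing-character rule and the 12-character minimum are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample of breached passwords (not data from the honeypot report).
BREACHED_SAMPLE = ["password", "welcome", "admin", "qwerty", "letmein"]

# Common character substitutions to undo before comparing (assumed rule set).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def sha1_hex(text):
    """Hash a password the way many breached corpora are distributed."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# Only hashes are kept in memory, never the plaintext list.
BREACHED_HASHES = {sha1_hex(p) for p in BREACHED_SAMPLE}


def base_forms(password):
    """Return the password plus the simpler forms it is a variation of."""
    lowered = password.lower()
    # Drop trailing digits and symbols such as "2023", "123" or "1!".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    forms = {password, lowered, stripped}
    # Reverse substitutions such as "@" for "a" or "0" for "o".
    forms |= {form.translate(LEET) for form in (lowered, stripped)}
    forms.discard("")
    return forms


def is_breached(password):
    """True if the password or one of its base forms is on the breached list."""
    return any(sha1_hex(form) in BREACHED_HASHES for form in base_forms(password))


def validate_new_password(password, min_length=12):
    """Run at password-set time; an empty list means the password is accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if is_breached(password):
        problems.append("matches breached list")
    return problems
```
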

Protecting Accounts with MFA

Layered on top of a strong password policy is the use of MFA. With a second authentication requirement, even a correctly guessed or stolen password does not ensure access.


News URL

https://www.bleepingcomputer.com/news/security/lessons-learned-from-the-windows-remote-desktop-honeypot-report/