Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Strong Password Policy Isn't Enough, Study ShowsStrong Password Policy Isn't Enough, Study Shows
New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.
Dark Reading Staff
May 24, 2022
1 Min Read
Source: Tero Vesalainen via Alamy
A new look at a database of more than 800 million known-breached passwords reveals that 83% of them met basic security standards set by five different standards agencies.
Minimum password lengths prescribed by NIST, HITRUST for HIPPS, PCI, ICO for GDPR, and Cyber Essentials for NCSC ranged from seven to 10 and included requirements for password complexity, special characters, and numbers — but none were enough to keep compliant passwords off the breached list, according to a new report from Specops Software.
"What this data really tells us is that there is a very good reason why some regulatory recommendations now include a compromised password check," said Darren James, product specialist at Specops Software, in a statement about the new password policy research. "Complexity and other rules might help but the most compliant password in the world doesn’t do anything to protect your network if it's on a hacker's compromised password list."
About the Author(s)
You May Also Like
More Insights
Webinars
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023
Events
