With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds their way to the dark web for purchase and use. This should NOT be a surprise. 80% of breaches involved stolen or misused credentials1. And this makes sense … why use advanced attack techniques when stealing credentials and assuming user identities is easier, less detectable, and still works?
Stealthbits leverages the “Have I Been Pwned” breach password dictionary within StealthAUDIT and StealthINTERCEPT Enterprise Password Enforcer to search for the existence of and proactively prevent the use of over 500 million passwords from being used inside our customers’ Active Directory environments. As of Friday, June 19th, Troy Hunt – the dictionary’s creator and curated – added 17.3 million more bad passwords to the list, bringing the total to 572 million known bad or compromised passwords.
“…it is recommended that passwords chosen by users be compared against a “black list” of unacceptable passwords. This list should include passwords from previous breach corpuses, dictionary words, and specific words (such as the name of the service itself) that users are likely to choose.”
NIST Special Publication 800-63B
It is hard to know if your organization’s credentials are at risk if you don’t check! With over 17 million new ones you not only want to check current passwords but also use the HIBP database to prevent any of the 572 million compromised passwords from being used today or any time in the future.
While some password favorites are seen repeatedly…
…maybe more importantly are the ones that are seen less frequently…
It’s easy enough to write rules to detect or exclude the most common 4.6 million passwords seen more than 50 times. Unique passwords that comprise over 99% of the database and are excellent for offline attacks. 34% of respondents said they share passwords or accounts with their coworkers2. 62% reuse the same password for work and personal accounts3. This means a breach at Gmail, LinkedIn, Sony, Home Depot, etc… can expose your user’s corporate passwords and more likely if the passwords are shared.
Both StealthINTERCEPT and StealthAUDIT can leverage the “Have I Been Pwned or HIBP” breach dictionary. StealthAUDIT inspects the current set of AD passwords to see if any compromised ones are in use. Then StealthINTERCEPT prevents any new compromised passwords from even being used. Passwords are still the first line of defense against cyber-attacks, so it’s important to ensure your users are employing good ones.
In addition to checking passwords against a breach dictionary, Stealthbits can also:
1https://backendnews.net/2019/09/26/survey-80-of-breaches-caused-by-privileged-credential-abuse/
2https://www.surveymonkey.com/curiosity/why-people-share-passwords-with-coworkers/
For fun, let’s take a look at the most popular passwords and how often they are used. Do your users leverage any of these?
Clear Text Password | Hash | Number of Occurrences |
123456 | 32ED87BDB5FDC5E9CBA88547376818D4 | 23,597,311 |
123456789 | C22B315C040AE6E0EFEE3518D830362B | 7,870,694 |
qwerty | 2D20D252A479F485CDF5E171D93985BF | 3,946,737 |
password | 8846F7EAEE8FB117AD06BDD830B7586C | 3,759,315 |
111111 | 2D7F1A5A61D3A96FB5159B5EEF17ADC6 | 3,124,368 |
12345678 | 259745CB123A52AA2E693AAACCA2DB52 | 2,944,615 |
abc123 | F9E37E83B83C47A93C2F09F66408631B | 2,877,689 |
1234567 | 328727B81CA05805A68EF26ACB252039 | 2,516,606 |
password1 | 5835048CE94AD0564E29A924A03510EF | 2,418,984 |
12345 | 7A21990FCD3D759941E45C490F143D5F | 2,389,787 |
1234567890 | 8AF326AA4850225B75C592D4CE19CCF5 | 2,264,884 |
123123 | 579110C49145015C47ECD267657D3174 | 2,238,694 |
000000 | 3FA45A060BD2693AE4C05B601D05CA0C | 1,959,780 |
iloveyou | B963C57010F218EDC2CC3C229B5E4D0F | 1,645,337 |
1234 | 7CE21F17C0AEE7FB9CEBA532D0546AD6 | 1,296,186 |
1q2w3e4r5t | 3E24DCEAD23468CE597D6883C576F657 | 1,199,289 |
qwertyuiop | 0D757AD173D2FC249CE19364FD64C8EC | 1,108,463 |
123 | 3DBDE697D71690A769204BEB12283678 | 1,042,952 |
monkey | F2477A144DFF4F216AB81F2AC3E3207D | 992,381 |
dragon | F7EB9C06FAFAA23C4BCF22BA6781C1E2 | 984,209 |
Damon is the Director of Product Marketing at Stealthbits responsible for Active Directory and Privileged Access Management solutions. He has over 20 years of experience addressing marketing challenges of all kinds for many notable, B2B software companies, including Red Hat, Quest Software, Sterling Commerce, and most recently SecureAuth. Damon has a passion for cybersecurity software and improving the defenses of organizations against cyber-attacks. Damon resides in Columbus, Ohio.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.
Read more© 2022 Stealthbits Technologies, Inc.
Leave a Reply