How many of your users are using insecure and compromised passwords?
You may have a standard password strength meter on your site so you think your users are safe. Think again.
Let me throw some numbers out at you:
So how does this translate?
As an example: If a company with 1,000 user accounts, around 550 of the users will use the same password across 90 accounts. Users Suck at Passwords.
That is a whopping 49,500 accounts! Chances are pretty high that some of those accounts have already been exposed.
Hackers love that 55% because if they get credentials for one site, they can use the same credentials to gain access to other sites.
It has a nasty domino effect and can infect organizations in various ways.
All sorts of shenanigans. And all because the user is unaware that they are using a known, compromised password.
Users are often the weakest link because they are lax about their own passwords.
Password strength meters and password complexity requirements are simply not enough. IT Security and Development cannot combat it alone.
So what do you do? (besides locking users out of their accounts)
Inform your users of compromised passwords when they set up their accounts!