Solving the Painful Password Problem with Better Policies

The State of Password Security

The password problem persists, with 88% of online services relying on passwords as the primary means of authentication. However, these credentials are often weak, reused, and easy to compromise – creating a significant security risk for organizations and users alike.

Why Passwords Are Easy to Hack


Passwords are vulnerable to attack because people choose them predictably. A standard US keyboard offers 94 characters, which yields an estimated six quadrillion possible 8-character passwords. However, user-created passwords rarely reach this level of complexity.

The primary reason for this is that humans tend to be creatures of habit. A staggering 55% of users rely solely on their memory to keep track of passwords, which encourages them to reuse the same passwords across multiple sites, including corporate websites, online banks, and social media platforms.

Understanding the Human Tendency to Reuse Passwords


Hackers exploit this human tendency by focusing on obtaining user credentials. Once a username and password are compromised, hackers can use those same credentials to access other sites where the user has reused them, creating a significant security risk.

Crafting a Secure, Risk-Focused Password Security Policy

To address the password problem, organizations need to implement a secure, risk-focused password security policy. This can be achieved through various tools and techniques, including:

Specialized Spreadsheets

Specialized spreadsheets can help determine the effectiveness of your password policies by analyzing parameters such as minimum password length, complexity requirements, and expiration periods.
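The kind of calculation such a spreadsheet performs, written out as an added example (not taken from the original article or from any vendor tool). It counts the passwords that satisfy a policy at its minimum length and compares the time to exhaust them with the expiration period. The guess rate and the three sample policies are assumed values, and the function names are hypothetical.

```python
from itertools import combinations

# Character classes on a standard US keyboard: 26 + 26 + 10 + 32 = 94 characters.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def compliant_count(length, required):
    """Count passwords of exactly `length` characters that contain at least one
    character from every class in `required`, using inclusion-exclusion."""
    total = sum(CLASSES.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            # Passwords that avoid every class in `missing` entirely.
            remaining = total - sum(CLASSES[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count


def evaluate_policy(min_length, required, max_age_days, guesses_per_second):
    """Search space at the minimum length, days needed to exhaust it at the
    given guess rate, and whether that exceeds the expiration period."""
    space = compliant_count(min_length, required)
    days = space / guesses_per_second / 86400
    return {
        "search_space": space,
        "days_to_exhaust": days,
        "outlasts_expiry": days > max_age_days,
    }


if __name__ == "__main__":
    RATE = 1e10  # assumed offline guess rate, for illustration only
    policies = {  # constructed sample policies: (min length, required classes, max age)
        "8 chars, no complexity": (8, (), 90),
        "8 chars, all four classes": (8, tuple(CLASSES), 90),
        "12 chars, no complexity": (12, (), 365),
    }
    for name, args in policies.items():
        r = evaluate_policy(*args, guesses_per_second=RATE)
        print(f"{name}: {r['search_space']:.2e} candidates, "
              f"{r['days_to_exhaust']:.1f} days to exhaust, "
              f"outlasts expiry: {r['outlasts_expiry']}")
```

Requiring every character class removes candidates from the search space at a fixed length, while raising the minimum length multiplies it; this counts exhaustive search only and does not model predictable or reused passwords.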

Online Password Strength Checkers

Online password strength checkers can review passwords to determine how easy or difficult they would be for hackers to crack. However, it’s essential to use these tools with caution and never input real passwords into them.

Password Auditors

Password auditors like Specops Password Auditor can help identify and resolve potential password-related vulnerabilities. This tool quickly scans Active Directory for weak or compromised passwords and identifies stale or inactive privileged administrator accounts.

Why Passwords Still Matter

Despite the increasing adoption of alternative authentication methods, such as multi-factor authentication (MFA) and biometric login, passwords remain a critical component of online security. In fact, 88% of the world’s websites and services rely on passwords for authentication.

Enhancing Your Organization’s Security with Password Management Solutions

To strengthen passwords and enforce stringent policies, consider implementing a password management solution like Specops Password Policy. This tool allows you to create custom password rules, ensure compliance with industry regulations, and enforce passphrases. Additionally, it continuously scans your Active Directory against a database of over 4 billion compromised passwords.

The Impact of MFA and Password Managers on Your Risk

Implementing MFA can significantly reduce the risk associated with compromised user credentials. In fact, Microsoft identified that 99% of compromised enterprise accounts lacked MFA.

Password managers can also play a crucial role in minimizing your exposure by generating and storing unique user credentials. These tools prevent users from using compromised passwords and enhance overall security.

Empowering Your End-Users as Your Best Front Line of Defense

While technical solutions are essential to your security strategy, educating and empowering your employees is critical. By implementing strategies such as:

  • Hosting regular security awareness training
  • Encouraging the use of password managers
  • Promoting a security-conscious culture
  • Conducting simulated phishing exercises

you can create a robust defense against cyber threats.

Ready to Strengthen Your Password Security Today?

Try Specops Password Policy now and take the first step towards creating a more secure online environment.
