By Darren James – Senior Product Manager and cyber security expert at Specops Software
To celebrate Safer Internet Day (SID) and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet,” we’ve decided to focus on a critical element within security that many people will be familiar with but seemingly don’t give due attention: passwords.
For the modern person, daily life largely involves the internet, whether that be online banking, connecting with friends and family on social media, checking email, shopping for groceries, and so on. Access to all of these services requires a login and a password. Now, you may think users are using strong, unbreakable, long passwords, not least because many sites now mandate passwords to meet certain requirements. After all, passwords are often all that separates the outside world from gaining entry to our sensitive information.
However, this isn’t the case as many people are still either not changing the default password or using generic, easy-to-crack credentials instead. Speaking plainly, most of us are guilty of using lazy passwords, or reusing credentials at some point in our lives.
This poor display of security behaviour is very visible in the working world and our recent findings in the 2025 Breached Password Report only highlight the critical importance of SID’s mission in improving cybersecurity habits for everyone.
The password “123456” was the most frequently compromised, appearing in more than 1.4 million leaked credentials. Alarmingly, among the 1.8 million breached administrator credentials, 40,000 admin portal accounts used “admin” as the password, highlighting that even IT professionals may not be prioritizing security.
Over a 12-month period, more than one billion credentials and passwords were stolen through malware attacks. This alarming statistic underscores the need for robust cybersecurity measures and increased awareness about online threats.
One of the key findings is that 230 million of the stolen passwords met common complexity requirements (over eight characters, including uppercase letters, numbers, and special characters). This indicates that adhering to standard password policies alone is insufficient to protect against sophisticated attacks.
With breaches often costing companies millions for each incident, the cost of lazy passwords could be seriously detrimental to any business.
The stats highlight the brutal truth that relying on end users to maintain strong password security is a losing battle. Even with cybersecurity training and strict password policies, human error remains the weakest link. Security professionals must take a proactive approach (that does not rely on end users) by implementing robust security measures – such as multi-factor authentication (MFA) and password managers – rather than assuming awareness alone will keep systems secure.
Enhancing password security is crucial for protecting organizations against cyber threats. Here are five key tips to strengthen your organization’s password practices:
Train Employees on Secure Password Practices
Educate staff on password security risks, such as weak storage methods and easily guessed passwords. Ultimately, we want to help users by providing detailed, local language feedback when they set or change their passwords.
Enforce Strong Password Policies
We want to encourage the use of longer passphrases built from memorable words, so that users are less likely to write them down. Policies can include a longer password expiry time, but to avoid users simply incrementing the same password, organizations must continuously check the password and require it to be changed if it becomes breached. Furthermore, certain departments or individuals may require specific password policies for compliance requirements, so this needs to be accounted for.
Defend Against Brute-Force Attacks
Protect accounts by locking them after multiple failed login attempts and blocking suspicious IP addresses. Configure these settings in Active Directory and other security systems. Organizations can start by blocking easy-to-guess passwords that might relate to the company or business.
Use First-Day Passwords and Promptly Deactivate Departing Employee Accounts
When a new employee joins, having a “First Day Password” security capability will enable the user to securely set their initial password, eliminating the need for IT to share temporary credentials and reducing onboarding security risks. Moreover, when an employee leaves the company, immediately disabling accounts will prevent unauthorized access. Updating shared passwords will also minimize security risks.
Implement Multi-Factor Authentication (MFA)
Strengthen security by requiring multiple verification steps, ensuring access is not solely dependent on passwords.
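The policy and brute-force tips above can be combined into one screening step at password set or change time. The sketch below is an added example, not Specops code: it shows a password that satisfies the complexity rule quoted earlier yet is rejected because it is on a breached list, plus a block on company-related words and a periodic rescan of existing credentials. The breached set, the company terms, the substitution table and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample data: "123456" and "admin" are the passwords the article
# cites; "Summer2024!" and the company terms are invented for this example.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("123456", "admin", "Summer2024!")}
COMPANY_TERMS = ("examplecorp", "widgets")   # hypothetical organisation words
LEET = str.maketrans("0134578@$!", "oleastbasi")  # assumed substitution table

def meets_complexity(pw: str) -> bool:
    """The common rule the article describes: over eight characters with
    uppercase letters, numbers and special characters."""
    return (len(pw) > 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def is_breached(pw: str) -> bool:
    """Look the password's SHA-1 up in the known-compromised set."""
    return hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1

def company_term(pw: str):
    """Return the company word found in pw after undoing simple character
    substitutions (3 for e, @ for a, ...), or None."""
    folded = "".join(c for c in pw.lower().translate(LEET) if c.isalpha())
    return next((t for t in COMPANY_TERMS if t in folded), None)

def screen(pw: str) -> list:
    """Reasons to reject pw at set/change time; an empty list means accept."""
    reasons = []
    if not meets_complexity(pw):
        reasons.append("fails complexity rule")
    if is_breached(pw):
        reasons.append("found in breached list")
    term = company_term(pw)
    if term:
        reasons.append(f"contains company term '{term}'")
    return reasons

def rescan(stored: dict) -> list:
    """Continuous check over {user: stored SHA-1 hex}: users whose current
    password has since appeared in the breached set and must change it.
    (SHA-1 stands in for whatever hash format the directory really stores.)"""
    return sorted(u for u, h in stored.items() if h in BREACHED_SHA1)
```

Running `rescan` on a schedule, each time the breached set is refreshed, is what lets expiry intervals be lengthened without leaving a compromised password in use.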
With Safer Internet Day 2025, we can’t let another year pass and not take the required action. It’s imperative to reflect on these findings and take proactive steps to safeguard our digital lives. By working together, we can create a more secure and trustworthy internet for all. Furthermore, by adopting these strategies, your organization can significantly improve its password security posture and reduce the likelihood of breaches related to compromised credentials.
Specops Software Boosting Multi-Factor Authentication Layers for Active Directory With Specops Secure Access
Posted in Commentary with tags Specops on March 4, 2025 by itnerd
Specops Software, an Outpost24 company and leading provider of password management and user authentication solutions, today announced the launch of Specops Secure Access, a new capability that provides multi-factor authentication (MFA) to Windows logon, Remote Desktop Protocol (RDP), and VPN connections. This new innovation adds a vital layer of security to on-premises or hybrid Active Directory environments, strengthening protection against unauthorized access and credential-based attacks.
Password-based threats are on the rise. Specops Software’s 2025 Breached Password Report uncovered over a billion passwords stolen by malware over a 12-month period, while data by Microsoft revealed that 7,000 password attacks were blocked every second as it tracked more than 600 million identity-based attacks against organizations in 2024. Worryingly, 99.9% of breached accounts lacked multi-factor authentication, highlighting that the current password security landscape necessitates MFA and improved defenses against password-related threats.
Specops Secure Access tackles this issue by integrating MFA into the logon process, enabling organizations to safeguard both user passwords and authentication workflows, reinforcing overall cybersecurity without compromising ease of use. Specops Secure Access provides user-friendly MFA at key points where Active Directory passwords are used. With flexible options, it ensures secure authentication for logon, RDP, and VPN, whether users are online or offline.
Organizations that deploy Specops Secure Access will also meet compliance for a variety of industry standards including:
By using Specops Password Policy, continuous scanning against an up-to-date compromised password database enables organizations to block the use of weak passwords and check Active Directory passwords against a growing database of over 4 billion unique compromised passwords.
Specops Secure Access is available now to all Specops Breached Password Protection customers.