Weak Password Policy

Overview

This will be seen time and time again. A simple example is if you compromise an account using the password Winter2024!. This password is 11 characters, includes upper/lower case characters, numbers and a special character but regardless it is still a weak password due to how common it is.

Deny Lists can be created to enforced to strengthen a password policy by blocking dictionary words, common words or phrases and passwords that have already been breached.

Sometimes the organizations password policy could be floating out there in documents somewhere on the internet. You could register for an account and see the password policy on signup. You could even just ask them so you can help them improve upon it

Example

PreviousInsufficient Authentication Controls NextInsufficient Patching

Last updated 10 months ago

Was this helpful?