The internet security firm SplashData publishes an annual list of the top 25 “worst” passwords among the prevalently North American and West European users. For the year 2015, the list is topped by: “123456”, “password” and “12345678”.
Anyone who continues to use a password that is on SplashData’s list published by TeamsID.com is simply asking to be hacked. These passwords, together with scores of similar ones, are part of every “password guessing” toolkit widely available to anyone on the web.
Is your organisation using weak passwords? How would you know?
Do you have a policy on how passwords should be used withinin your organisation?
Do you mandate and enforce a certain level of password complexity?