Analysis of more than 14 million brute force attacks on Microsoft “honeypots” reveals that “77% of attempts used a password between 1 and 7 characters long. A password longer than characters was seen in only 6% of cases”, The Record reports.
Ross Bevington, a security researcher at Microsoft, notes that only 25% of attempts included at least one number, 7% included a special character, and none included white space.
The researcher’s results suggest that ten-character passphrases including special characters are most likely safe from the vast majority of brute force attacks, as long as they have not been disclosed online and are therefore not part of attackers’ dictionaries.
Data from more than 10 billion brute force attacks attempted against Microsoft’s honeypot server network further indicates a 110% increase in attacks targeting Docker and Kubernetes systems compared to last year, a 178% increase for network printing services, and a 325% increase for RDP servers.
“The stats on SSH and VNC are just as bad – they just haven’t changed much since last year,” says Bevington.