Employees often recycle passwords throughout their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to use a password they are familiar with, and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!, Cowboys1, Cowboys!1, and so on.) Knowing this, hackers will run scripts using Metasploit frameworks (hacking and pen testing tools) to “brute force” their way into an unsuspecting system.
The password identified does not meet our network criteria. Why should we care about this?
Have more questions?
Was this article helpful?
Provide feedback for the Documentation team!
Browse this section
- I see fake emails (false positives). Why is this important?
- How are the stolen or exposed credentials found on the Dark Web ID?
- What is the Dark Web?
- What does password criteria mean?
- Some of this data is old and includes employees that are no longer working for us. Doesn’t this mean we are not at risk?
- Identified method used to capture/ steal data: how was the data stolen or compromised?
- Does the identification of my organization’s exposed credentials mean we are being targeted by hackers?
- Data source locations & descriptions: where do we find data?
- How does Dark Web ID help protect my organization?
- What is the dark web?
- See more