The password identified does not meet our network criteria. Why should we care about this?

Employees often recycle passwords across their work and personal networks. If your internal requirement is to have a capital letter and a special character, it’s common practice for employees to take a password they are familiar with and add a capital letter and an exclamation mark. (Example: exposed password: cowboys; variations: Cowboys!, Cowboys1, Cowboys!1, and so on.) Knowing this, hackers will run scripts using the Metasploit framework (a hacking and pen testing tool) to “brute force” their way into an unsuspecting system.
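A defender can screen new passwords for this pattern at change time. The following is an added example, not part of the original article or of Dark Web ID: it reduces a candidate password to its base word and compares it with exposed passwords. The function names, the substitution table and the sample exposed list are assumptions made for illustration.

```python
import re

# Constructed sample: passwords found in exposed credential data.
EXPOSED = {"cowboys"}

# Assumed set of common in-word character substitutions to undo.
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}
)


def normalize(password: str) -> str:
    """Reduce a password to its base word for comparison."""
    p = password.lower()
    # Drop digits/symbols padded onto either end (e.g. "!1", "2024").
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)
    # Undo substitutions that remain inside the word.
    return p.translate(SUBSTITUTIONS)


def meets_policy(password: str) -> bool:
    """The article's example requirement: a capital letter and a special character."""
    has_upper = any(c.isupper() for c in password)
    has_special = any(not c.isalnum() for c in password)
    return has_upper and has_special


def is_exposed_variation(password: str, exposed=EXPOSED) -> bool:
    """True if the password shares a base word with any exposed password."""
    bases = {normalize(e) for e in exposed}
    return normalize(password) in bases


def evaluate(password: str, exposed=EXPOSED):
    """Return (meets_policy, is_exposed_variation) for a candidate password."""
    return meets_policy(password), is_exposed_variation(password, exposed)


if __name__ == "__main__":
    for candidate in ["cowboys", "Cowboys!", "Cowboys1", "Cowboys!1",
                      "C0wboys!1", "Tr1cky-Horse-Battery"]:
        policy_ok, variation = evaluate(candidate)
        verdict = "REJECT" if variation or not policy_ok else "accept"
        print(f"{candidate:22} policy={policy_ok!s:5} variation={variation!s:5} {verdict}")
```

A password such as Cowboys! passes the complexity rule yet is flagged, which is why an exposed password that fails your criteria still matters.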