Are you blocking "keyboard walk" passwords in your Active Directory?
IT admins usually know what to watch out for when end users create weak, easy-to-guess passwords. However, a common yet overlooked type of weak password is the keyboard walk pattern. A keyboard walk password is one created by moving sequentially over the keyboard keys in a pattern that resembles walking.
These are passwords formed by keys that are next to each other on the keyboard, such as 'qwerty' or 'asdfgh'. This could be in a straight line across, vertically down, or in a zigzag pattern.
While these patterns are easy for users to remember and might even look random at first glance, they pose a significant security risk. These patterns create predictable passwords that are considered weak because they’re easier to guess or crack using automated tools.
Why do end users use keyboard walks?
The simple reason end users create keyboard walk passwords is because they’re easy to remember. When given a choice, end users prioritize speed and ease of memorization over security. Following a pattern of keys located next to each other on the keyboard provides a quick and memorable way to form passwords.
Recent research by Specops Software has revealed that keyboard walk patterns are widespread in compromised passwords. For example, the pattern 'qwerty' was found over 1 million times in an analyzed set of 800 million compromised passwords.
This is the most common keyboard walk – there are many other patterns end users can choose from their keyboard.
Some examples of keyboard walk passwords that might look secure at first glance include 'qwertyuiop', 'Zxcvbnm', and 'iuytrewQ' – but these are predictable and commonly found in compromised password data.
Organizations also need to consider different keyboard layouts that might be used by people working in different countries. The most common keyboard layouts are Qwerty, Azerty, and Qwertz.
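As an added illustration (not Specops code or the article's own), the following Python check flags runs of physically adjacent keys on the QWERTY, AZERTY and QWERTZ layouts mentioned above, so a password filter can reject walks that run across, down or diagonally; the simplified row tables and the run threshold of 4 are assumptions made for the example.

```python
# Added example (not Specops code): detect keyboard-walk runs in a candidate
# password so a password filter can reject them. Layout rows are simplified to the
# number row plus three letter rows and are an assumption for illustration; keys
# count as adjacent when they are horizontal, vertical or diagonal neighbours.
LAYOUTS = {
    "qwerty": ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"],
    "azerty": ["1234567890", "azertyuiop", "qsdfghjklm", "wxcvbn"],
    "qwertz": ["1234567890", "qwertzuiop", "asdfghjkl", "yxcvbnm"],
}


def build_adjacency(rows):
    """Map each key to the set of distinct keys one grid step away (8 neighbours)."""
    pos = {ch: (r, c) for r, row in enumerate(rows) for c, ch in enumerate(row)}
    return {
        ch: {o for o, (r2, c2) in pos.items()
             if o != ch and abs(r - r2) <= 1 and abs(c - c2) <= 1}
        for ch, (r, c) in pos.items()
    }


ADJACENCY = {name: build_adjacency(rows) for name, rows in LAYOUTS.items()}


def longest_walk(password, layout="qwerty"):
    """Length of the longest run of consecutive adjacent keys (case-insensitive)."""
    adj = ADJACENCY[layout]
    chars = password.lower()
    best = run = 1 if chars else 0
    for prev, cur in zip(chars, chars[1:]):
        run = run + 1 if cur in adj.get(prev, ()) else 1
        best = max(best, run)
    return best


def is_keyboard_walk(password, min_run=4):
    """Return (flagged, layout, run): flagged when any layout yields a run >= min_run.

    min_run=4 is a constructed threshold; 'qwer' is the shortest walk it rejects.
    """
    layout, run = max(((name, longest_walk(password, name)) for name in LAYOUTS),
                      key=lambda item: item[1])
    return run >= min_run, layout, run


if __name__ == "__main__":
    # Constructed sample candidates, including the article's own examples.
    for candidate in ["qwertyuiop", "iuytrewQ", "1qaz2wsx", "azerty", "correct horse battery"]:
        print(candidate, is_keyboard_walk(candidate))
```

A three-word passphrase such as 'correct horse battery' passes because its longest adjacent-key run is only two characters, while the walks from the article are rejected on the layout where they form the longest run.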
Find keyboard walks in your Active Directory
Interested to know how many end users are using keyboard walk passwords in your organization?
Run a read-only scan of your Active Directory with Specops Password Auditor and get an exportable report detailing your password-related vulnerabilities.
Why are keyboard walks so easy to crack?
A keyboard walk password is just as weak as a password like 'admin' or 'password' because it follows a predictable pattern that can be easily guessed by attackers.
Hackers use brute force techniques to crack keyboard walk passwords by systematically trying all possible combinations of keys that follow predictable patterns on the keyboard.
They use tools that automate the process of testing these common patterns, allowing them to efficiently guess passwords that follow such sequences.
Additionally, hackers use dictionary techniques by leveraging pre-defined lists or 'dictionaries' of common passwords, which include keyboard walk patterns used as base terms in weak passwords like 'qwerty' or '123456'. By systematically attempting these common patterns, hackers can effectively exploit users' tendencies to use simple and easily remembered passwords.
Block keyboard walk passwords
Part of the battle is educating end users about what makes a strong password and helping them to create memorable ones – as looking for shortcuts is what leads to keyboard walk patterns in the first place. Organizations can encourage end users to create strong passphrases by educating them about the advantages of using longer passphrases over complex passwords.
They can guide people to create passphrases that are made up of at least three random words and are over 15 characters in total. Additionally, organizations ought to block end users from choosing weak and compromised passwords, including keyboard walks.
Using tools like Specops Password Policy can help block common words and continuously monitor for compromised passphrases. Your password policy should block user names, display names, consecutive characters, incremental passwords, and the reuse of parts of current passwords.
Additionally, Specops Password Policy allows organizations to create a custom dictionary of blocked words, further preventing the use of common or predictable passwords.
Specops Password Policy is also able to continuously scan your Active Directory against a database of over 4 billion compromised passwords, ensuring that users cannot choose passwords that have been previously exposed. This comprehensive approach helps protect against targeted attacks and strengthens overall password security. By implementing Specops Password Policy and Breached Password Protection, you can enhance your organization's cyber resilience and comply with industry regulations such as NIST.
Don’t let predictable password behaviors compromise your network security. Take proactive steps to block keyboard walk patterns and protect your Active Directory from potential attacks.
Schedule a demo or start a free trial with Specops Software today to see how you can secure your passwords effectively – speak to an expert today.
Sponsored and written by Specops Software.
source: BleepingComputer