New data shows that compliance alone is not enough to protect your organization
Specops Software released a new data report this week examining individual compliance regulations and how readily each lets cracked passwords through. Unfortunately, the data shows that up to 83% of known hacked passwords can meet regulatory compliance standards.
This data underscores the need, now more than ever, for additional layers of password security, most often implemented in a password policy, to increase the level of protection for your organization.
Details behind the latest data
The report focused on five major regulatory recommendations, including NIST, PCI, HITRUST, ICO/GDPR, and NCSC. Each standard’s password compliance recommendations included length, complexity, and “recommended actions to avoid compromised passwords.”
Here is an infographic cross-referencing the data collected and the percentage of known compromised passwords that would otherwise meet regulatory recommendations:
The passwords analyzed come from the Specops data subset of 800 million known compromised passwords. Specops recently announced the addition of 24 million leaked passwords to its growing database of over 2 billion known compromised passwords collected from open-source lists and live attack data.
You can read the full Specops report here.