Specops Software released a new data report this week showing, for each of several compliance regulations, how readily its password rules admit passwords that are already known to be breached. Unfortunately, the data shows that up to 83% of known breached passwords would still satisfy these regulatory compliance standards.
This data underlines the need, now more than ever, for additional layers of password security, most often implemented through a password policy, to increase your organization’s level of protection.
Details behind the newest data
The report focused on five major regulatory standards: NIST, PCI, HITRUST, ICO/GDPR, and NCSC. The password recommendations compared across each standard covered password length, complexity, and “recommended actions to prevent compromised passwords”.
The report includes an infographic cross-referencing the data collected against the percentage of known compromised passwords that would otherwise fulfill each standard’s recommendations.
The passwords analyzed come from Specops’ subset of data consisting of 800 million known compromised passwords. They’ve recently announced an addition of 24 million leaked passwords to their growing database of over 2 billion known compromised passwords collected from open source lists and live-attack data.
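To make the report's point concrete, the following added example (not Specops' code and not drawn from their dataset) evaluates passwords against a legacy length-plus-complexity rule and, separately, against a small constructed list of "breached" passwords held as SHA-1 digests and queried k-anonymity style by hash prefix. The sample passwords, thresholds and helper names are all assumptions chosen for illustration.

```python
import hashlib
import re

# Constructed sample of "known breached" passwords (illustrative only, not real breach data).
BREACHED_SAMPLE = ["password", "P@ssw0rd123", "Summer2023!", "Welcome1!", "Qwerty!2345"]

# Keep only SHA-1 digests, as breach-check services typically do, so the policy engine
# never needs the plaintext list.
BREACHED_HASHES = {hashlib.sha1(p.encode()).hexdigest().upper() for p in BREACHED_SAMPLE}


def meets_complexity(password, min_length=8, min_classes=3):
    """Length-plus-character-class rule of the kind found in older compliance checklists."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    hits = sum(1 for pattern in classes if re.search(pattern, password))
    return len(password) >= min_length and hits >= min_classes


def is_breached(password):
    """k-anonymity style lookup: only the first 5 hex chars of the SHA-1 identify the range;
    the remaining suffix is compared locally against the candidates in that range."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # In a real deployment the candidate set comes from a range query on a breach corpus;
    # here the corpus is the local constructed set.
    candidates = {h[5:] for h in BREACHED_HASHES if h.startswith(prefix)}
    return suffix in candidates


def evaluate(password):
    """Returns (complexity_ok, breached, accepted) for a policy requiring both checks to pass."""
    complexity_ok = meets_complexity(password)
    breached = is_breached(password)
    return complexity_ok, breached, complexity_ok and not breached


def compliance_gap(passwords):
    """Fraction of breached passwords in the list that a complexity-only policy would still accept."""
    breached = [p for p in passwords if is_breached(p)]
    if not breached:
        return 0.0
    still_accepted = [p for p in breached if meets_complexity(p)]
    return len(still_accepted) / len(breached)
```

Run `compliance_gap(BREACHED_SAMPLE)` to see that four of the five constructed breached passwords pass the complexity rule, which is the kind of gap the report quantifies.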
You can read the full report from Specops here.