New Data Shows Compliance Falls Short of Protecting Your Organization

Specops Software released a new data report this week examining individual compliance regulations and how readily each lets known breached passwords through. Unfortunately, the data shows that up to 83% of known breached passwords can satisfy regulatory compliance standards.

This data points to the need, now more than ever, for added layers of password security, most often implemented in a password policy, to increase your organization’s level of protection.

Details behind the newest data

The report focused on five major regulatory recommendations, including NIST, PCI, HITRUST, ICO/GDPR, and NCSC. Password compliance recommendations from each standard included password length, complexity, and “recommended actions to prevent compromised passwords”.

Here’s an infographic cross-referencing the data collected and what percentage of known compromised passwords would otherwise fulfill each standard’s recommendations:

[Infographic: % of passwords found to be compromised but otherwise compliant]

The passwords analyzed come from Specops’ subset of data consisting of 800 million known compromised passwords. Specops recently announced an addition of 24 million leaked passwords to its growing database of over 2 billion known compromised passwords collected from open-source lists and live-attack data.
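The gap the report measures can be shown in code. The following is an added example, not code from the report or from Specops: a constructed breached list, an illustrative length-plus-complexity rule standing in for the standards' recommendations, and a layered check that rejects a password that is compliant yet breached. The policy rule, the sample passwords and the function names are assumptions.

```python
import hashlib

# Constructed sample standing in for a breached-password list (not real leak data).
BREACHED_SAMPLE = ["Password123!", "Summer2023!", "Welcome1!", "qwerty", "letmein", "P@ssw0rd"]


def sha1_hex(password: str) -> str:
    """SHA-1 of the password as upper-case hex, a common storage form for breach lists."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_breached_set(passwords) -> set:
    """Hash the breach list once so lookups are O(1) and no plaintext is kept around."""
    return {sha1_hex(p) for p in passwords}


def meets_compliance_policy(password: str, min_length: int = 8) -> bool:
    """Illustrative stand-in for a complexity-style standard (assumption):
    minimum length plus at least three of four character classes."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) >= min_length and sum(classes) >= 3


def check_password(password: str, breached: set) -> str:
    """Layered check: the compliance policy first, then the breached-list lookup."""
    if not meets_compliance_policy(password):
        return "reject: fails compliance policy"
    if sha1_hex(password) in breached:
        return "reject: compliant but known breached"
    return "accept"


def compliant_but_breached_share(breached_passwords) -> float:
    """Fraction of a breached list that the compliance policy alone would accept,
    i.e. the kind of metric behind the report's headline figure."""
    passing = sum(1 for p in breached_passwords if meets_compliance_policy(p))
    return passing / len(breached_passwords)


if __name__ == "__main__":
    breached = build_breached_set(BREACHED_SAMPLE)
    for pw in ["Password123!", "letmein", "Xq7#vLm2!pRz"]:
        print(f"{pw!r}: {check_password(pw, breached)}")
    print(f"compliant-but-breached share: {compliant_but_breached_share(BREACHED_SAMPLE):.0%}")
```

On the constructed sample, four of the six breached passwords pass the policy on their own, so a policy without the breached-list layer would accept two thirds of them.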

You can read the full report from Specops here.