Weak Password Policy

This is very common.

Identify:

  • Winter2024! would be a password that passes the password policy but is still a bad password
  • Public password policy
  • Registration page
  • Ask them

Use a deny list to block bad passwords such as season+year, month+year, Password1!, or passwords from the rockyou list.
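A deny-list check of this kind, as an added example that is not part of the original notes: it shows Winter2024! passing a composition policy and still being rejected. The composition rule in `meets_complexity`, the function names, and the small `SAMPLE_WORDLIST` (a constructed stand-in for a list such as rockyou) are assumptions.

```python
import re
import string

SEASONS = ("spring", "summer", "autumn", "fall", "winter")
MONTHS = ("january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december")

# Constructed stand-in for a breached-password list such as rockyou;
# in practice, load the real list from a file into a set.
SAMPLE_WORDLIST = {"password1", "iloveyou", "qwerty123", "letmein"}

# season or month + 2- or 4-digit year + optional trailing symbols
_CALENDAR = re.compile(
    r"^(?P<word>%s)(?:\d{4}|\d{2})[^a-z0-9]*$" % "|".join(SEASONS + MONTHS))


def meets_complexity(password):
    """Assumed composition policy: 8+ chars, upper, lower, digit, symbol."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def deny_reason(password, wordlist=SAMPLE_WORDLIST):
    """Return why the password is on the deny list, or None if it is not."""
    candidate = password.strip().lower()
    match = _CALENDAR.match(candidate)
    if match:
        return "season+year" if match.group("word") in SEASONS else "month+year"
    # Compare with and without trailing symbols so Password1! hits password1.
    if candidate in wordlist or candidate.rstrip(string.punctuation) in wordlist:
        return "wordlist"
    return None


def accept(password):
    """Accept only if the policy passes AND the deny list does not match."""
    return meets_complexity(password) and deny_reason(password) is None


if __name__ == "__main__":
    for pw in ("Winter2024!", "October23", "Password1!", "v9#Tq!zR2m-LxK"):
        print(pw, meets_complexity(pw), deny_reason(pw), accept(pw))
```
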

Remediation:

  • Stay up to date with the NIST recommendations for password policy