Compromised Passwords

Hackers Don’t Break In, They Log In

Did you know that one-third of malware breaches are caused by password-dumping malware? Compromised login credentials are involved in most data breaches, with 86% of web application attacks arising from this issue (Verizon, 2023). Understanding the root cause is the first step towards better password security and stronger identity protection.

Weak or easily cracked passwords are a hacker’s dream. By gaining access to even one password, threat actors can often find their way into multiple accounts and cause considerable damage. A strong password is one of the best lines of defense against malicious cyber activity.

Credential compromise is a serious threat: the unauthorized access of user login credentials. Once obtained, these credentials can be used to infiltrate sensitive systems or data. The consequences of credential compromise can be severe, including financial loss, reputational damage, and liability issues.

Healthy password habits include avoiding password reuse, using complex combinations that include numbers, symbols, and uppercase and lowercase letters, as well as changing your passwords regularly.

The most efficient ways to keep passwords safe include using a password manager and enabling multi-factor authentication (MFA). A password manager is a great tool for storing and generating passwords and even securely sharing corporate credentials. As for MFA, it should be a must-have if it hasn’t already been adopted in your organization.

Identity security protects human and machine identities and ensures access is granted only to authorized parties. It takes a combination of security measures, such as multi-factor authentication, credentials management, and access control enforced through risk policies, to deliver complete identity security.

How Do Attackers Compromise Passwords?

Since usernames and passwords are often the only hurdles to accessing systems that yield financial rewards, hackers have taken a keen interest in lifting them when possible. Some common ways to compromise this information include:

Phishing and Spear Phishing

Phishing, which makes up 44% of social engineering incidents (Verizon, 2023), is a common tactic in which hackers send emails and text messages to trick users into entering credentials on malicious web pages or forms. These phishing attempts can be highly convincing and even sophisticated enough to target and dupe individuals with a great deal of privileged system access, a technique known as spear phishing.

Dark Web Markets

Over 550 million stolen passwords have made their way onto the dark web since 2017 (CNET, 2021). Major data breaches can expose many user credentials and other personal information, including birthdays, credit card numbers, addresses, Social Security numbers, and more. Cybercriminals often package all that information for sale to other bad actors on the dark web.

Brute Force Attacks

Knowing people tend to favor simple, easy-to-remember passwords, threat actors use brute force techniques to steal credentials. This involves many attempts to guess the correct password, often with automated tools that can circumvent limitations on authentication attempts and check tens of thousands to hundreds of millions of passwords per second.

Evil Twin Access Points

Using an easy-to-find $99 device, cybercriminals can spoof a legitimate Wi-Fi hotspot and fool people into connecting. This technique enables them to observe network traffic, record user keystrokes, steal data and passwords, and more.

Poor Password Practices and Password Reuse

44% of workers reuse passwords across personal and work-related accounts (Tech Republic, 2021). Password reuse, passwords based on personal information, and the lack of tools like password managers make it easy for threat actors to crack passwords.

eBook: Add Security to Keep Identity Real

  • Passwords are easy to hack and provide only one line of defense.
  • Not all MFA solutions are created equal.
  • Protecting passwords should be priority number one to prevent a leading cause of data breaches.

Choose a Comprehensive Security Approach

WatchGuard works with leading managed service providers to help organizations protect identities, assets, networks, and information. Let your company work confidently and worry-free with easy-to-use and complete security solutions.

Comprehensive Multi-Factor Authentication

AuthPoint MFA offers offline and online authentication methods, SAML-based web single sign-on (SSO) access to applications, and a unique mobile DNA feature that provides SIM swap protection.

One-Stop-Shop Credentials Management

AuthPoint Total Identity Security has all you need to protect identities, including a corporate password manager with an all-in-one user and admin management experience and dark web monitoring services to proactively detect when a password is exposed on the darknet.

Trusted Wi-Fi Networks

Tackle wireless network security challenges like rogue access points, network visibility gaps, and a lack of control. Build a framework that meets the needs of remote users, distributed enterprises, and the ever-growing number of connected devices.
