- Attackers crack weak passwords by guessing them, by trying default user credentials, and by using automated tools and techniques
Weak Password Attack Prevention
- Configure the web application to accept only credentials of sufficient length, for the user ID and especially for the password
- Mandate passwords to be at least 6 characters long with a combination of uppercase and lowercase letters, digits, and special characters
- Impose a password aging policy
- Avoid authentication failure messages that reveal which part of the credentials was incorrect
- Implement account lockout policy
- Highly critical applications need multi-factor authentication
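The controls listed above can be tied together in a small authentication helper. The following is an added example written for this page, not code from the original material: it enforces the page's 6-character, four-character-class password policy, tracks a per-account lockout counter, records when a password was set so an aging check can be applied, and returns one generic failure message whether the user ID or the password was wrong. The user store, the lockout threshold and window, the 90-day maximum password age, and the PBKDF2 parameters are all constructed for illustration.

```python
"""Weak-password countermeasures in one place (added example, not the page's own code).

Assumed values: LOCKOUT_THRESHOLD, LOCKOUT_SECONDS, MAX_AGE_DAYS and the
PBKDF2 iteration count are illustrative; MIN_LENGTH is the page's stated minimum.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import re
import time

MIN_LENGTH = 6            # minimum length stated on the page; raise it in production
LOCKOUT_THRESHOLD = 5     # assumed: failed attempts before the account is locked
LOCKOUT_SECONDS = 900     # assumed: lockout window (15 minutes)
MAX_AGE_DAYS = 90         # assumed: password aging limit
PBKDF2_ITERATIONS = 100_000
GENERIC_FAILURE = "Invalid user ID or password."   # same text for every failure cause

# One regex per required character class: lowercase, uppercase, digit, special.
CHARACTER_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def password_meets_policy(password: str) -> bool:
    """True if the password is long enough and contains every character class."""
    if len(password) < MIN_LENGTH:
        return False
    return all(re.search(pattern, password) for pattern in CHARACTER_CLASSES)


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class Authenticator:
    """In-memory user store with lockout and password-age tracking (illustrative)."""

    def __init__(self, now=time.time):
        self._users = {}      # user_id -> (salt, digest, set_at)
        self._failures = {}   # user_id -> (failed_count, locked_until)
        self._now = now       # injectable clock so the lockout window is testable

    def register(self, user_id: str, password: str) -> None:
        if not password_meets_policy(password):
            raise ValueError("password does not meet the complexity policy")
        salt, digest = hash_password(password)
        self._users[user_id] = (salt, digest, self._now())

    def is_locked(self, user_id: str) -> bool:
        _, locked_until = self._failures.get(user_id, (0, 0.0))
        return self._now() < locked_until

    def password_expired(self, user_id: str) -> bool:
        """Aging policy: the password must be rotated after MAX_AGE_DAYS."""
        _, _, set_at = self._users[user_id]
        return self._now() - set_at > MAX_AGE_DAYS * 86400

    def login(self, user_id: str, password: str) -> tuple[bool, str]:
        if self.is_locked(user_id):
            return False, GENERIC_FAILURE
        record = self._users.get(user_id)
        if record is None:
            # Unknown user: do a dummy hash so the timing resembles a real check,
            # count the failure, and return the same message as a bad password.
            hash_password(password, b"\x00" * 16)
            self._record_failure(user_id)
            return False, GENERIC_FAILURE
        salt, digest, _ = record
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            self._failures.pop(user_id, None)   # success resets the counter
            return True, "OK"
        self._record_failure(user_id)
        return False, GENERIC_FAILURE

    def _record_failure(self, user_id: str) -> None:
        count, locked_until = self._failures.get(user_id, (0, 0.0))
        count += 1
        if count >= LOCKOUT_THRESHOLD:
            locked_until = self._now() + LOCKOUT_SECONDS
            count = 0   # counting restarts once the lock expires
        self._failures[user_id] = (count, locked_until)


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("alice", "Corr3ct!pw")
    print(auth.login("alice", "Corr3ct!pw"))   # (True, 'OK')
    print(auth.login("alice", "wrong"))        # (False, 'Invalid user ID or password.')
    print(auth.login("nobody", "wrong"))       # same message for an unknown user
```

The clock is injected so the lockout window can be exercised without waiting; in a real deployment the lockout state and password timestamps would live in the user database rather than in process memory.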