Good Passwords for Bad Bots Research Report

New Research Shows Password Health is on Life Support

With so much of the workforce operating on virtual machines in the cloud, it is critical to know just how secure the most common access points really are. This report takes a look at credentials associated with SSH and RDP — two of the most common remote access protocols — and the findings are troubling, if not surprising.

This report cross references Rapid7’s own honeypot network with well-known password lists used by pentesters and attackers to determine the most common credentials used today and just how easy it is for automated attacks to guess these bad credentials.

In this report you’ll learn:
• The most commonly used (and attacked) usernames and passwords and where they come from
• How auditing endpoints for default passwords and encouraging the use of password managers can make your network less vulnerable
• How little improvement in password health has actually taken place since we last looked in 2016

Discover more findings in the full report.