Why Weak Passwords Pose a Serious Threat — and How to Reduce Your Risk

The latest industry data shows that nearly every cyberattack today involves misuse of credentials. So it’s worth asking, exactly how do threat actors get those credentials in the first place? In some cases, hackers use tactics like social engineering, phishing or vishing to trick users into providing their username and password. But the truth is, brute force and password spray attacks also remain highly effective techniques — primarily because users continue to choose weak passwords. Join Brian Johnson (CISSP, OSCP and president of 7 Minute Security) to find out how weak the passwords are in your organization, and what you can do to strengthen this part of your security strategy. During this session, you'll learn: •             What tools hackers use to collect and crack passwords and how they work •             How you can manually audit your environment for weak and common passwords •             Where to download lists of weak and common passwords •             How to dump all usernames and hashes from your domain controller and check them against the lists you downloaded •             “Hidden” places on the network (like Active Directory, Group Policy objects and file shares) where passwords often live unbeknownst to sysadmins — but not hackers! •             How you can enforce granular password policies to significantly reduce your risk from password attacks