Why Weak Passwords Pose a Serious Threat — and How to Reduce Your Risk

Presented by

Martin Cannard, VP of Product Strategy at Netwrix, and Brian Johnson, Security Consultant & Podcaster at 7 Minute Security

About this talk

The latest industry data shows that nearly every cyberattack today involves misuse of credentials. So it’s worth asking, exactly how do threat actors get those credentials in the first place? In some cases, hackers use tactics like social engineering, phishing or vishing to trick users into providing their username and password. But the truth is, brute force and password spray attacks also remain highly effective techniques — primarily because users continue to choose weak passwords.

Join Brian Johnson (CISSP, OSCP and president of 7 Minute Security) to find out how weak the passwords are in your organization, and what you can do to strengthen this part of your security strategy.

During this session, you'll learn:

• What tools hackers use to collect and crack passwords and how they work
• How you can manually audit your environment for weak and common passwords
• Where to download lists of weak and common passwords
• How to dump all usernames and hashes from your domain controller and check them against the lists you downloaded
• “Hidden” places on the network (like Active Directory, Group Policy objects and file shares) where passwords often live unbeknownst to sysadmins — but not hackers!
• How you can enforce granular password policies to significantly reduce your risk from password attacks

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach. Our solutions also limit the impact of attacks by helping IT teams detect, respond and recover from them faster and with less effort. Over 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.