We look at the growing number of cyber threats in the charity sector and explore how better passwords can be the simplest way to prevent them
Almost a third of charities identified a cyber attack on their system in the last 12 months, according to research from the Department of Digital, Culture, Media, and Sport (DCMS). Nearly four in ten of those attacks had an impact on the organisation’s services, with 19% “resulting in a negative outcome”. The risk to charities from cyber breaches is very real.
Cancelled services, data breaches, and loss of reputation and funds are all likely consequences for charities experiencing a cyber attack. Charities are prime targets due to the wealth of data they hold and more limited resources to protect it.
The DCMS report also found that charities are less likely than businesses to employ technical cyber security controls, while charity workers are also more likely to use their own devices for work regularly. It can be difficult for organisations to control the level of cyber security on personal devices, for example to ensure that software is updated regularly or that passwords are sufficiently protected.
Passwords are perhaps the most well-known cyber security measure for organisations, alongside antivirus software.
But passwords can also be easily breached, particularly when they are reused across multiple accounts and platforms and follow common patterns and themes.
Almost two thirds of people (65%) reuse their passwords, according to research from Google, while only 24% use a password manager. Password managers can help your teams to have stronger, more complex passwords that differ on each account by keeping them safe and autofilling them as needed, negating the need for people to remember multiple passwords for everything they need to access at work.
The 2023 Weak Password report from password security experts Specops found that 88% of passwords used in brute force attacks – which involve using a list of frequently used and previously compromised passwords against a user’s email to gain entry to the account – were 12 characters or less, with the most common password length being 8 characters.
More than four in five (83%) compromised passwords satisfied the length and complexity requirements of regulatory password standards and the most common base password used to attack networks is still ‘password’.
Many organisations are failing to address this challenge. To begin with, users need to be supported in the creation of strong passwords. While security awareness training is important, effective password security should encompass technical controls.
Going forward, it is crucial to prevent weak, reused, incremented, or compromised passwords, which isn’t possible with what Microsoft provides out of the box. A third-party password policy tool helps users create unique, stronger and memorable passwords.
These tools can automatically block common terms used in a custom dictionary and prevent the use of compromised credentials. For instance, Specops Password Policy offers this functionality along with a constantly updated compromised password database containing over 3 billion passwords.
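To illustrate why length and complexity rules alone are not enough, the following added example (not code from Specops or from the original article) sketches the kind of check such a tool performs when a password is changed. The dictionary terms, the sample breached passwords and all function names are constructed assumptions.

```python
import hashlib
import re

# Constructed sample data (assumptions for this example, not from the article).
CUSTOM_DICTIONARY = {"password", "charity", "donate", "welcome"}
# SHA-1 digests standing in for a compromised-password database.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Summer2023!", "Qwerty123456!")}
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("@4301$5", "aaeoiss")


def meets_complexity(pw, min_len=8):
    """Typical rule: minimum length plus lower, upper, digit and symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def _base(pw):
    """Strip trailing digits/symbols so 'Harbour7!' and 'Harbour8!' match."""
    return re.sub(r"[\d\W_]+$", "", pw).lower()


def policy_violations(new_pw, previous_pw=""):
    """Return the reasons a proposed password should be rejected."""
    reasons = []
    if not meets_complexity(new_pw):
        reasons.append("complexity")
    normalised = new_pw.lower().translate(LEET)
    if any(term in normalised for term in CUSTOM_DICTIONARY):
        reasons.append("dictionary")
    if previous_pw and _base(new_pw) == _base(previous_pw):
        reasons.append("incremented")
    if hashlib.sha1(new_pw.encode()).hexdigest() in BREACHED_SHA1:
        reasons.append("breached")
    return reasons


if __name__ == "__main__":
    for new, old in (("P@ssw0rd2023!", ""), ("Summer2023!", ""),
                     ("Harbour8!", "Harbour7!"), ("tide-Lantern-42-moss", "")):
        print(f"{new!r}: complexity_ok={meets_complexity(new)} "
              f"violations={policy_violations(new, old)}")
```

The first three sample passwords pass the complexity rule and are still rejected, each for a different reason; only the long passphrase passes every check.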
Passwords that are easily guessed, or even already compromised, will leave charities vulnerable, especially if they are reused across multiple platforms.
It is vital that charities understand more about their password usage, put in place policies to mitigate password reuse, and fix any vulnerabilities before a cyber attack takes place.