Passwords exist solely for security. Don’t want anyone accessing your account? Use a password. Was your account compromised? Resetting your password becomes your first priority. In some cases, a single password is all that stands between your data and cybercriminals.

Knowing all that, a new report from Preempt contains some astounding data relating to passwords used in businesses. Preempt studied 100 total organizations. The size of these organizations consisted of small (less than 100 employees), medium (100 to 1,000 employees), and large (1,000+ employees).

Where are the strong password policies?

Strong passwords have become the norm. Sign up for an account on most websites, and you’ll see a strength meter. Networks typically require strong passwords by default. However, out of 100 organizations, only 5 employed strong password policies on their network. 23 organizations allowed for very weak passwords.


organizations enforced strong passwords.


organizations allow very weak passwords.

What’s wrong with weak passwords?

Not sure what makes a strong or weak password? Read our NIST Password Guidelines and How To Not Fail At Passwords. In a nutshell, weak passwords are a hacker’s dream. Report researchers attempted to crack user passwords in each of the organizations tested.

Researchers cracked accounts in


of large organizations.


of medium organizations.


of small organizations.

The results were less than stellar. They successfully cracked 9 percent of large organizations and 10 percent of medium organizations. Small businesses performed much worse with researchers cracking 17 percent of their passwords.

Network policies and accounts have holes.

In our post, 7 Tips For Effective Cybersecurity, we recommended using a standard account for daily use. Admin accounts should only be used when necessary. This report found that 72% of networks had at least one stealthy admin account. A stealthy admin account is an account that has special permissions granted outside Active Directory. Nearly 61% had more than one stealthy admin account.

To make matters worse, 1 in 3 networks have some passwords exposed in Group Policy Preferences. Any authenticated user could potentially find these passwords without too much work. Often, the passwords belong to an admin account, which could provide someone full access to your network.

How do you improve security?

Managing cybersecurity at a business level requires ongoing education and continual attention to detail. Fortunately, no business has to walk that road alone. No matter the size of the client, Pit Crew IT Services secures and maintains client networks to keep up with the ever-changing digital landscape. Let us help you mistakes within and attacks without. Contact us today for a free consultation and evaluation of your network.

Get a FREE IT Consultation!

Start Now