Successful attacks often use stolen or guessed passwords to gain access with backdoor Trojans and then retain access to systems using those legitimate account credentials, according to the 2012 Verizon Data Breach Investigations Report. The firm, which analyzed 855 data breaches involving more than 1.7 million stolen records, urges organizations to change default passwords on point-of-sale systems and other Internet-facing devices. Stolen login credentials were used in 32 percent of the firm's analyzed breaches. In 2012, cybercriminals posted nearly 6.5 million LinkedIn passwords on the Internet, further highlighting the problem of failing to protect account credentials. Exploitation of default or guessable credentials took place in 44 percent of breaches.
Encourage employees to use strong passwords by setting up a strong password management policy and enforcing it, Verizon said. The most common password used by businesses is "Password1" because it satisfies Microsoft Active Directory default complexity settings.
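
The sketch below is an added example, not from the Verizon report or from Microsoft: it shows why "Password1" clears a complexity-only check and how a deny-list of common base words closes that gap. The complexity check is a simplified model (length, three character categories, no account name); the minimum length of 7, the deny-list and the sample passwords are constructed assumptions.

```python
import re

MIN_LENGTH = 7  # assumed minimum-length setting; match it to your domain policy

# Constructed deny-list of base words; a real deployment would load a larger one.
DENY_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

def char_categories(pw):
    """Count character categories present (upper, lower, digit, symbol)."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])

def passes_complexity(pw, account_name):
    """Simplified complexity rule: length, 3+ categories, no account name inside."""
    if len(pw) < MIN_LENGTH or char_categories(pw) < 3:
        return False
    return not (len(account_name) >= 3 and account_name.lower() in pw.lower())

def base_word(pw):
    """Drop trailing digits/symbols, then undo common substitutions (@ -> a, 0 -> o)."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(str.maketrans("@0$1!3", "aosiie"))

def evaluate(pw, account_name):
    """Return the complexity verdict, the deny-list verdict and the final decision."""
    complex_ok = passes_complexity(pw, account_name)
    denied = base_word(pw) in DENY_BASE_WORDS
    return {"complexity_ok": complex_ok, "deny_listed": denied,
            "accept": complex_ok and not denied}

if __name__ == "__main__":
    # Constructed sample passwords for a hypothetical account "jsmith".
    for candidate in ["Password1", "P@ssw0rd!", "Welcome2012",
                      "jsmith-Spring9", "tangerine-Orbit-47-lamp"]:
        print(f"{candidate:26} {evaluate(candidate, 'jsmith')}")
```

Run against a password-change hook or an audit of candidate passwords, the `deny_listed` flag is the part that complexity settings alone do not provide.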