One of the crucial profitable types of password breaches happens when hackers merely guess generally used passwords. And whereas organizations usually spend money on superior safety measures, they often overlook this primary stage of safety.
Making a customized dictionary can assist stop workers from utilizing passwords which might be more likely to be guessed. Right here’s what your online business must learn about what makes a great password dictionary and the way an AI software like ChatGPT can assist you brainstorm probably weak passwords.
Why customers select weak passwords
A person doesn’t got down to choose a weak password deliberately — they merely select a password they will simply keep in mind, usually utilizing firm names, dates, or easy phrases.
Attackers benefit from this by launching dictionary assaults, pairing automated instruments with phrase lists to shortly check hundreds of password variations.
What makes an efficient password dictionary
A password dictionary blocks customers from choosing identified weak passwords. It incorporates:
- Commonplace weak phrases like “admin123” or “welcome”
- Your group’s title and product names
- Phrases particular to your business
- Passwords uncovered in information breaches
- Widespread variations of those phrases
Utilizing AI to create your dictionary
Need some assist creating your customized dictionary? Think about using ChatGPT or comparable AI instruments to hurry up the method.
Right here’s methods to make it occur, together with pattern prompts:
Get identified weak passwords
Ask the AI to record extensively used password databases like HaveIBeenPwned and DeHashed. These databases present which passwords attackers already know and goal.
Pattern immediate: Are you able to please give me a listing of databases that acquire passwords which might be identified to be breached?
Add company-specific phrases
The AI wants particular particulars about your group to generate related password patterns. Here is methods to construction your request:
Pattern immediate: I wish to create a customized dictionary to assist stop workers from utilizing simply guessed passwords. Our firm, ACME Company, is predicated in Dover, Delaware. Our major merchandise are the ACME app, the ACME widget, and the ACME platform. Are you able to please create a listing of weak passwords our workers could also be utilizing?
The AI will analyze totally different classes, together with:
- Firm title and variations, together with frequent misspellings and abbreviations your workers may use. If your organization is “Acme Enterprise Options,” embody “ABS,” “acmebiz,” and comparable variations.
- Product names, together with inside codenames and growth variations that workers may know. Bear in mind to incorporate each present and discontinued merchandise.
- Workplace areas, together with road and metropolis names, constructing names, and even native landmarks that workers may reference.
- Inside mission names, each present and historic, as workers usually use these in passwords as a result of they’re memorable and appear distinctive.
- Business phrases, together with technical jargon, instruments, and techniques particular to your discipline. Embody each full phrases and customary abbreviations.
- Inside acronyms utilized in firm communications, mission names, or division designations. These really feel safe to customers however are sometimes predictable.
Generate password variations
After you have added company-specific phrases, ask the AI to generate predictable variations customers may create. Here is methods to get complete outcomes:
Pattern immediate: “Utilizing these firm phrases [list your terms], please generate all frequent variations that meet primary password necessities. Embody quantity patterns, particular characters, capitalizations, and combos.”
The AI will generate variations like:
- Numbers on the finish: The AI will present how customers may add their delivery yr or division quantity. Instance AI output: “marketing22, Marketing2024, MKTG2023!”
- Particular character substitutions: The AI will change letters with similar-looking symbols. Instance AI output: “M@rket!ng, $ales_team, Hr_D3pt”
- Capital letter patterns: The AI will present frequent capitalization selections. Instance AI output: “MarketingTeam, MKTG_dept, SalesHQ”
- Phrase combos: The AI will mix phrases in predictable methods. Instance AI output: “MarketingSouth, TeamNY22, SalesPro”
Managing your password dictionary
Like different points of cybersecurity, managing your password dictionary isn’t a one-time occasion; it must be an ongoing course of. Replace your dictionary, including new firm phrases everytime you launch merchandise or begin tasks.
Verify your logs for failed password makes an attempt to establish patterns customers try. And make sure you overview your dictionary quarterly to take away outdated phrases and add new variations.
Further password safety
Password dictionaries can improve your safety however can’t single-handedly shield your group. To cut back your group’s vulnerabilities, use password dictionaries together with different safety measures, together with:
- Actual-time breach safety: Monitor for stolen passwords by constantly checking present passwords in opposition to new breach databases
- Multi-factor authentication: Require two-factor authentication for all accounts, particularly these with administrative entry
- Safety consciousness: Prepare customers in password safety, explaining why sure passwords get rejected
Integrating password safety instruments
For the best stage of safety, think about using a software that mixes customized dictionaries with breach monitoring.
For instance, Specops Password Coverage permits you to simply create and import a personalized record of banned passwords, then constantly checks your Lively Listing in opposition to that record and an always-updated record of over 4 billion breached passwords.
Through the use of a software like Specops Password coverage, your group can routinely block compromised passwords, serving to hold your folks, your techniques, and your information protected.
Get in contact and we are able to set you up with a free trial.
Sponsored and written by Specops.
