Key Findings: The SpyCloud 2018 Annual Credential Exposure Report

We here at Solutions Review frequently discuss the issues surrounding credential exposure and password security. We focus on these identity and access management issues because the vast majority of users, both employees and privileged users, interact with the digital perimeter and their identities through their credentials. Therefore, credential exposure remains a key security issue.

To highlight the severity of the credential exposure epidemic, we consulted the SpyCloud 2018 Annual Credential Exposure Report. SpyCloud serves as a breach prevention and account takeover prevention solution provider.

Here’s what we learned.

The SpyCloud 2018 Annual Credential Exposure Report  

According to SpyCloud, of the 3.5 billion exposed credentials they recovered in 2018, exactly reused credentials account for 24%. 90% of the reused passwords were nearly identical. A study of 1 billion leaked user accounts found 20% reused the exact same password, and 27% used a nearly identical password.

SpyCloud also comments on the paradox of encryption concerning account exposure. Encrypting passwords can help enterprises secure their users’ passwords; however, the most common forms of encryption only provide a weak barrier against hackers. Hackers have learned how to crack hashes such as unsalted MD5 and SHA-1.

Therefore, enterprises should take more steps to protect their users’ passwords and credentials. Deploying and enforcing multifactor authentication or at least two-factor authentication can mitigate credential exposure.  
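To make the point about unsalted MD5 and SHA-1 concrete, the following added example (not from SpyCloud's report or from this article) stores constructed sample passwords first as unsalted MD5 and then with a per-user salt and scrypt, and counts how many stored values are shared between accounts. The account names, passwords, helper names and scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not from the report): alice and bob reuse
# exactly the same password, carol does not.
ACCOUNTS = {
    "alice": "Summer2018!",
    "bob": "Summer2018!",
    "carol": "correct horse battery staple",
}

def unsalted_md5(password):
    """Weak scheme named in the article: fast, deterministic, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_scrypt(password, salt=None):
    """Hardened scheme: random per-user salt plus a memory-hard KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify_scrypt(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_scrypt(password, salt)[1], expected)

def duplicate_digests(stored):
    """Count distinct stored values that more than one account shares."""
    counts = Counter(stored.values())
    return sum(1 for c in counts.values() if c > 1)

def build_stores():
    """Return the same accounts stored under the weak and hardened schemes."""
    weak = {user: unsalted_md5(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_scrypt(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_stores()
    # Unsalted: identical passwords give identical digests, so one cracked
    # hash exposes every account that reused that password.
    print("shared values, unsalted MD5:", duplicate_digests(weak))
    # Salted scrypt: every record is unique and must be attacked separately.
    print("shared values, salted scrypt:", duplicate_digests(strong))
```

The same duplicate count, run against a real credential table, is a quick audit signal that a store is unsalted and due for migration to a salted, slow password hash.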

The SpyCloud Findings in Context

The SpyCloud report on account exposure doesn’t exist in a vacuum. In fact, their findings support a wide range of studies demonstrating the issues surrounding user passwords. These studies reveal:  

  • 81% of breaches stem from weak, stolen, or reused passwords, according to Verizon.
  • Nearly 10% of users selected at least one of the 25 worst passwords for one of their accounts, according to SplashData.
  • 59% of users repeat their stolen passwords, according to Rachael Stockton of LogMeIn.

You can read the full SpyCloud 2018 Annual Credential Exposure Report here.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.