Search

Security Advisory: Custom Dictionary for Passwords

RGSA 10-31-24

Date: October, 31, 2024

 

Introduction

Custom dictionaries are a type of password policy that helps with enhancing security to create complex and less predictable passwords. The lists go beyond normal everyday terms and include specific terminology related to an organization and industry to provide additional defense against credential stuffing attacks. Custom dictionaries are very important because in today’s generation of cyber attacks, passwords are a highly targeted source point for threat actors.

Custom Dictionaries are needed today because:

  • Weak Passwords: Users often create easily guessable passwords based on personal information or common phrases.
  • Brute Force Attacks: Cybercriminals use brute force and hybrid dictionary methods to crack passwords, particularly targeting industry-specific terms.
  • Social Engineering: Attackers can gather information about a company and its employees, using this to craft targeted password lists.
  • Industry Vulnerabilities: Each industry has unique jargon that can be exploited in password attacks.

Example of Custom Dictionaries: 

  • Organization-Specific Terms: Names unique to the organization should be banned (e.g., University building names, such as “Rotman”).
  • Common Patterns: Prohibiting easily guessable formats (e.g., “UofT123!” or “Nurse2024!”) encourages stronger passwords.

There are enterprise tools available such as Specops Password Policy that help to facilitate the creation and integration of custom dictionaries into an organizations Active Directory for enhanced password protection. For individuals, the easiest way to have access to custom dictionaries is through password managers such as 1Password or LastPass, as they have custom dictionary policies already included within them.

HOW RICHTER GUARDIAN CAN HELP YOU

  • Call us or send us an email at: +1 844-908-3950 and support@richterguardian.com Connect with our cyber concierge to discuss ways to create a custom dictionary or best practices when creating a password.
  • We can help set up a password manager tool such as 1Password for your personal custom dictionary needs.