IT admins often complain about users who choose weak, easy-to-hack passwords. But some new information shows the people in IT may also need a refresher on best password practices.
Microsoft is warning of a new worm, dubbed Morto, that attempts to compromise Remote Desktop connections.
The worm doesn’t exploit a vulnerability in Microsoft’s Remote Desktop Protocol, but simply tries to log in to accounts by guessing common password and username combinations. For example, the worm tries to log in using names such as “admin,” “administrator,” “user,” and “support,” and passwords such as “12345,” “password,” “abc123,” and “1q2w3e.”
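The guessing pattern described above can be spotted in failed-logon records. The following is an added example, not code from Microsoft or from the original article: it flags any source address that fails Remote Desktop logons against several of the account names listed above within a short window. The CSV layout, the sample records, the five-minute window and the three-name threshold are assumptions made for illustration; event ID 4625 (failed logon) and logon type 10 (RemoteInteractive) are the standard Windows Security log values.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Account names the article says Morto tries (the article's list is not exhaustive).
MORTO_NAMES = {"admin", "administrator", "user", "support"}

# Constructed sample: Windows Security log records exported to CSV (assumed layout).
SAMPLE_LOG = """time,event_id,logon_type,ip,user
2024-01-15T10:00:01,4625,10,203.0.113.7,administrator
2024-01-15T10:00:03,4625,10,203.0.113.7,admin
2024-01-15T10:00:04,4625,10,203.0.113.7,user
2024-01-15T10:00:06,4625,10,203.0.113.7,support
2024-01-15T10:02:00,4625,10,198.51.100.20,jsmith
2024-01-15T10:02:30,4625,10,198.51.100.20,jsmith
2024-01-15T10:05:00,4624,10,198.51.100.20,jsmith
2024-01-15T11:00:00,4625,2,192.0.2.5,admin
"""

def find_guessing_sources(log_text, window=timedelta(minutes=5), min_names=3):
    """Return {ip: sorted names} for sources that failed RDP logons against
    at least `min_names` distinct listed accounts within `window`."""
    attempts = defaultdict(list)  # ip -> [(time, user)]
    for row in csv.DictReader(io.StringIO(log_text)):
        # 4625 = failed logon; logon type 10 = RemoteInteractive (Remote Desktop).
        if row["event_id"] != "4625" or row["logon_type"] != "10":
            continue
        user = row["user"].strip().lower()
        if user in MORTO_NAMES:
            attempts[row["ip"]].append((datetime.fromisoformat(row["time"]), user))
    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge forward until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {u for _, u in events[start:end + 1]}
            if len(names) >= min_names:
                flagged[ip] = sorted(set(flagged.get(ip, [])) | names)
    return flagged

if __name__ == "__main__":
    for ip, names in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{ip}: failed RDP logons for {', '.join(names)}")
```

A single user mistyping their own password (the `jsmith` rows) and a failed console logon (logon type 2) are not flagged; only the source cycling through the listed account names is.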
So far, Morto has affected both consumers and businesses in 87 countries, Microsoft reported in a post on the company’s Malware Protection Center blog.
While it’s probably mostly users who are using one of those passwords, 10% of successful Morto attacks affected systems running Windows Server products — which are most likely managed by IT staff members, who should know better.
Using weak and common passwords will leave your company’s network vulnerable not only to the Morto worm, but to other types of attacks as well. Here are password tips from Microsoft that you can pass on to users — and you’ll probably want to share them with IT staffers, too:
- Passwords should use letters, punctuation, symbols and numbers.
- Whenever possible, use at least 14 characters.
- The greater the variety of characters in your password, the better.
- Use the entire keyboard, not just the letters, numbers and punctuation marks you use or see most often.