The Importance of Custom Dictionaries for Enhancing Password Security

October 24, 2024

Weak or easily guessed passwords are a significant vulnerability in many organizations. They provide cybercriminals with an easy entry point. One effective solution is incorporating custom dictionaries into the organization’s password policy. A sponsored article in BleepingComputer says this adds an extra layer of password security, ensuring employees cannot use specific words and phrases.

Even trained employees are creatures of habit, and many will opt for easily remembered (and therefore easily guessed) passwords. A tempting option is to use words related to your specific business or industry.

Cybercriminals often employ brute force and hybrid dictionary attacks to crack passwords. Without a custom dictionary in place, these attacks can be extremely effective. For example, hackers might add your organization’s name and products to their attack dictionaries, hoping that some end users have used these terms in their passwords.

Custom dictionaries are lists of words, phrases, and character combinations that employees are restricted from using in their passwords. These dictionaries are tailored to include words specific to the organization and its industry.

Without such protection, passwords may be weak due to users incorporating personal information or commonly used terms. Additionally, custom dictionaries help defend against brute force and hybrid dictionary attacks, where hackers use common words related to the organization to crack passwords.

For example, in a healthcare setting, custom dictionaries include industry-specific jargon, organizational terms, and common password patterns that are easily guessed.

For law firms and in-house departments, customizing password policies with dictionaries that block firm-specific and industry-related terms is crucial. Client data and confidential information make attractive targets for cybercriminals.
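
As an added illustration (not code from the article or from any product it mentions), the sketch below shows how a custom-dictionary check can reject a password that contains an organization-specific term even when the term is disguised with character substitutions or written backwards, which goes slightly beyond the plain word list the article describes. The dictionary terms, the substitution table and the function names are assumptions constructed for the example.

```python
import re
from itertools import product

# Constructed sample terms for a hypothetical organization ("Northwind Health").
CUSTOM_DICTIONARY = {"northwind", "cardiology", "patient", "clinic"}

# Assumed substitution table: each character maps to the letters it commonly replaces.
SUBSTITUTIONS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
                 "7": "t", "@": "a", "$": "s", "!": "i"}


def candidate_forms(password, limit=256):
    """Yield lowercase, letters-only readings of the password with substitutions undone."""
    # Each position offers one or more letters; ambiguous characters ("1") offer several.
    options = [SUBSTITUTIONS.get(ch, ch) for ch in password.lower()]
    for n, combo in enumerate(product(*options)):
        if n >= limit:  # cap the work for passwords with many ambiguous characters
            break
        # Remaining digits and symbols are separators or padding; drop them.
        yield re.sub(r"[^a-z]", "", "".join(combo))


def blocked_terms(password, dictionary=CUSTOM_DICTIONARY):
    """Return the sorted dictionary terms found in any reading, forwards or reversed."""
    hits = set()
    for form in candidate_forms(password):
        reversed_form = form[::-1]
        for term in dictionary:
            if term in form or term in reversed_form:
                hits.add(term)
    return sorted(hits)


def is_allowed(password, dictionary=CUSTOM_DICTIONARY):
    """True when the password contains no custom-dictionary term."""
    return not blocked_terms(password, dictionary)


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["N0rthw1nd2024!", "P@t13nt#Care", "cinilc-77", "correct horse battery staple"]:
        print(f"{pw!r}: allowed={is_allowed(pw)} blocked={blocked_terms(pw)}")
```

A check like this belongs at password-change time, alongside the length and breached-password rules the policy already enforces.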
