What Is a Password Blacklist and How Is It Serving You?

Cybersecurity might be developing in great leaps, but at the end of the day, we still employ passwords as the most common authentication technique. An individual user has to deal with tens (or maybe an entire hundred) of passwords, but if you’re managing a corporate system, password security suddenly becomes an even more vital part of your business.

There might be many ways to improve your cybersecurity practices, and today, we would like to talk about password blacklists. Password blacklists might not be a fail-proof method to improve your cybersecurity, but it is definitely a decent crutch any business should consider.

What is a password blacklist?

The name is probably rather self-explanatory. A password blacklist refers to a list of passwords that a cybercriminal is very likely to use when they try to access your system. What kinds of passwords are included in the list?

Well, it’s easy to tell that the most common passwords are definitely part of the password blacklist. In fact, everyone should be aware at least of the top 10 of the most common passwords because using these combinations to “protect” an account or a system is a straight way to a cyber hack. However, there’s a lot more to such lists than just common passwords, and that’s what users have to keep in mind if they want to employ password blacklists.

Perhaps the hardest question to answer in relation to this practice is how many passwords there supposed to be on the list for the list to be reliable? And the truth is that there is no exact answer here. Some security experts suggest anywhere between a million or two million passwords, but the list cannot be static because the number of cracked or compromised passwords is growing every single day, and they should be included in the list, too. Not to mention that most of those lists are managed by one-person companies, and it is physically impossible to update them immediately.

Passwords to include in your blacklist

If you decide to employ a password blacklist, the most logical decision would probably be coming up with your own custom blacklist. Of course, this works if you have enough resources to work on it, but if you can afford it, that’s definitely something we recommend. After all, any company will have context-specific passwords (related to that particular system and the particular business), so creating your own blacklist and regularly updating it would most certainly improve your system’s security.

The most common passwords surely have to go on that list, and if you can, you should encourage your security team to go through multiple static password blacklists to include as many cracked passwords on your list as possible.

Also, to improve the quality of your blacklist, you have to know how hackers work to reach vulnerable systems. Aside from using the most common passwords, they also employ password cracking dictionaries that include word lists and various password combinations that can be used to crack multiple systems. Make sure you include those dictionaries on your list, too.

What’s more, let’s not forget the context-specific passwords that will be applied only at your company. For instance, if you include the name of your company or your product in the passwords that you use, it is a lot easier to guess them. Hence, such passwords should also be included in the list.

Aside from something that is slightly easier to guess, password blacklists should also include potential passwords that are similar to something that you’ve already used. Also, let’s not forget the leet-speak and fuzzy-password matching.

If you have a blacklist employed, your employees won’t be able to apply compromised credentials (as people often do that without really meaning to). Needless to say, it might be hard to maintain and regularly update a password blacklist. For that reason, we would also recommend addressing and employing professionals who would help you keep your blacklist relevant.

What about my actual passwords?

Here you might wonder what happens to your password practices when you employ a password blacklist. For instance, does this mean that you can no longer use context-specific passwords? Actually, yes. It would be for the best if you refrained from using words that are easy to guess because that’s clearly not the best combination of a password.

We do realize, however, that dropping the practice of employing context-specific passwords (for instance, using all sorts of company name and product variations) poses certain inconveniences. After all, it’s really easy to recycle such passwords simply by changing several characters or adding numerals to the passwords that you use. Yet again, renewing your passwords like that put them into the similar password category, and it makes the hacker’s job of cracking your system’s walls a lot easier.

Since you can no longer do that, what would be the best combination of a password? We think that you most definitely know the basics, and you surely understand that a strong password has to be long and random. That is to say, the letters and the numbers should not have any specific meaning that would be easy to guess. Also, whenever you renew your passwords, these complicated and absolutely random sequences should be replaced by similarly long and strong strings of characters.

Now, you might say that it is a pain to maintain such passwords, especially in the business setting, because there are countless accounts that need protection, and with the constant need to renew your passwords, it would be hard to keep track of them. That is, of course, true if you think that you would need to write them down and then come up with unique passwords yourself.

Nevertheless, with the blacklist limiting the scope of passwords you can use and the constant need for new unique passwords, you should definitely employ a password manager to generate new strong passwords and store them under safe encryption. For instance, you can try out Cyclonis Password Manager to see how that works. It is a lot harder to crack passwords generated by a tool that was created to ensure your password safety. Also, a password manager can protect your business by storing all the passwords you and your employees use in its encrypted vault. It is clear that by employing both a password manager and a password blacklist, you would significantly improve your cybersecurity.

By Foley
July 3, 2020
Password Security
July 3, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

Happy World Password Day! Now Go and Fix Your Passwords!

We have World Toilet Day and World Laughter Day. It's only logical to have a day dedicated to another thing we encounter on a daily basis – passwords. Security specialist Mark Burnett was the first person to suggest... Read more

May 3, 2018
Password Security

Why You Shouldn't Reuse Passwords

During your school years did you ever become frustrated when someone in your class shared the same name as you? Better yet, was there ever a time that someone improperly identified you as someone else? Such... Read more

March 14, 2018
Password Security

Google Introduces Password Security Changes

Login credentials remain to be one of the most targeted pieces of information by cybercriminals. Consequently, cybersecurity experts talk more and more about bad password habits and measures that both companies and... Read more

December 11, 2019
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.