A brand new report from cybersecurity consultants at Specops has revealed the most typical passwords utilized in assaults in opposition to Distant Desktop Protocol (RDP) ports. The analysis, which analyzed stay assault information, highlights how weak passwords stay a major safety vulnerability.
The Specops report examined NTLMv2 password hashes collected by their honeypot system between late 2024 and March 2025.
The researchers have been in a position to crack roughly 40% of the recorded hashes, offering perception into the precise passwords being utilized in brute pressure and password-spraying assaults in opposition to RDP.
Most Frequent Passwords in RDP Assaults
The evaluation recognized the ten most ceaselessly used passwords in RDP assaults, that are:
- 123456
- 1234
- Password1
- 12345
- P@ssw0rd
- password
- Password123
- Welcome1
- 12345678
- Aa123456
The information reveals that attackers ceaselessly depend on primary numeric sequences and predictable variations of the phrase “password.”
Notably, “123456” was additionally essentially the most generally stolen password within the Specops report, underscoring end-users’ continued reliance on straightforward to recollect, and simply guessable, credentials.
Why RDP is a Prime Goal
RDP, which operates over TCP port 3389, is broadly used to facilitate distant work and IT administration. Nonetheless, its accessibility additionally makes it a frequent goal for cybercriminals.
Attackers scan for uncovered RDP servers, leveraging brute pressure techniques to realize entry to company networks.
Many organizations report 1000’s of failed login makes an attempt each day from bots, ransomware operators and different malicious actors.
Password Complexity Developments
The report additionally analyzed the character composition and lengths of passwords utilized in RDP assaults, discovering that:
- 45% of passwords consisted solely of numbers or lowercase letters
- Solely 7.56% included a mixture of uppercase, lowercase, numbers and particular characters
- The most typical password size was eight characters (26.14%)
- Lower than 1.35% of passwords getting used to assault the RDP port exceeded 12 characters
These findings recommend that implementing longer and extra complicated passwords might considerably cut back the danger of RDP compromise.
Strengthening RDP Safety
Specops recommends a number of measures to defend in opposition to RDP-based assaults, together with:
- Implementing multi-factor authentication (MFA) for RDP connections
- Making certain RDP servers should not straight uncovered to the web
- Frequently updating Home windows servers and making use of safety patches
- Proscribing RDP entry to a restricted vary of IP addresses
- Imposing sturdy password insurance policies and blocking compromised credentials
Organizations seeking to assess their present password dangers can use instruments like password auditing software program or credential monitoring providers to determine weak and breached credentials inside their Lively Listing environments.
As cyber-threats proceed to evolve, taking proactive steps to safe RDP connections stays important for stopping unauthorized entry and potential information breaches.
