New Report Highlights Common Passwords in RDP Attacks

A new report from cybersecurity experts at Specops has revealed the most common passwords used in attacks against Remote Desktop Protocol (RDP) ports. The research, which analyzed live attack data, highlights how weak passwords remain a significant security vulnerability.
The Specops report examined NTLMv2 password hashes collected through their honeypot system between late 2024 and March 2025.
The researchers were able to crack approximately 40% of the recorded hashes, providing insight into the specific passwords being used in brute force and password-spraying attacks against RDP.
Most Common Passwords in RDP Attacks
The analysis identified the ten most frequently used passwords in RDP attacks, which are:
- 123456
- 1234
- Password1
- 12345
- P@ssw0rd
- password
- Password123
- Welcome1
- 12345678
- Aa123456
The data shows that attackers frequently rely on basic numeric sequences and predictable variations of the word “password.”
Notably, “123456” was also the most commonly stolen password in the Specops report, underscoring end-users’ continued reliance on easy-to-remember, and easily guessable, credentials.
Why RDP is a Prime Target
RDP, which operates over TCP port 3389, is widely used to facilitate remote work and IT administration. However, its accessibility also makes it a frequent target for cybercriminals.
Attackers scan for exposed RDP servers, leveraging brute force tactics to gain access to corporate networks.
Many organizations report thousands of failed login attempts daily from bots, ransomware operators and other malicious actors.
Password Complexity Trends
The report also analyzed the character composition and lengths of passwords used in RDP attacks, finding that:
- 45% of passwords consisted only of numbers or lowercase letters
- Only 7.56% included a mix of uppercase, lowercase, numbers and special characters
- The most common password length was eight characters (26.14%)
- Less than 1.35% of passwords used in attacks against the RDP port exceeded 12 characters
These findings suggest that enforcing longer and more complex passwords could significantly reduce the risk of RDP compromise.
Strengthening RDP Security
Specops recommends several measures to defend against RDP-based attacks, including:
- Implementing multi-factor authentication (MFA) for RDP connections
- Ensuring RDP servers are not directly exposed to the internet
- Regularly updating Windows servers and applying security patches
- Restricting RDP access to a limited range of IP addresses
- Enforcing strong password policies and blocking compromised credentials
Organizations looking to assess their current password risks can use tools like password auditing software or credential monitoring services to identify weak and breached credentials within their Active Directory environments.
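As an added illustration (not code from the report or from Specops), the following Python reproduces the report's composition and length breakdown on a constructed sample and applies a simple policy built from its recommendations: reject the ten listed attacker passwords and anything of 12 characters or fewer. The "numbers and/or lowercase only" bucket is an assumed reading of the report's category, and the three extra passwords in the sample are constructed.

```python
from collections import Counter

# The ten passwords the report lists as most common in RDP attacks (from the article).
RDP_TOP10 = {"123456", "1234", "Password1", "12345", "P@ssw0rd", "password",
             "Password123", "Welcome1", "12345678", "Aa123456"}
_BLOCKLIST_LOWER = {p.lower() for p in RDP_TOP10}

# Constructed sample: the top ten plus three made-up stronger candidates.
SAMPLE = sorted(RDP_TOP10) + ["Tr0ub4dor&3-Horse", "correcthorsebatterystaple",
                              "Zq9!mX2$kL7pW"]


def composition(pw: str) -> str:
    """Bucket a password by character classes, mirroring the report's breakdown.
    Assumption: 'numbers and/or lowercase only' means no uppercase and no specials."""
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_special = any(not c.isalnum() for c in pw)
    if not has_upper and not has_special:
        return "numbers and/or lowercase only"
    if has_lower and has_upper and has_digit and has_special:
        return "all four classes"
    return "other mix"


def evaluate(pw: str, min_len: int = 13) -> tuple[bool, str]:
    """Policy derived from the report: block known attacker passwords (case-insensitive)
    and require more than 12 characters, since under 1.35% of attack passwords exceed 12."""
    if pw.lower() in _BLOCKLIST_LOWER:
        return False, "matches a password seen in RDP attacks"
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    return True, "accepted"


def audit(passwords: list[str]) -> dict:
    """Summarise a password set the way the report's statistics do."""
    n = len(passwords)
    comp = Counter(composition(p) for p in passwords)
    lengths = Counter(len(p) for p in passwords)
    over_12 = sum(1 for p in passwords if len(p) > 12)
    return {
        "composition_counts": dict(comp),
        "most_common_length": lengths.most_common(1)[0][0],
        "pct_over_12": round(100 * over_12 / n, 2),
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
    for pw in ("password1", "Zq9!mX2$kL7pW"):
        print(pw, evaluate(pw))
```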
As cyber-threats continue to evolve, taking proactive steps to secure RDP connections remains essential for preventing unauthorized access and potential data breaches.