Hackers are becoming more sophisticated in exploiting systems as ransomware has proven to be very lucrative. As a result, the number of password cracking attempts we have observed has increased dramatically.

The systems you expose to the internet for communication, management and remote access allow for hackers to attempt to brute force your passwords. They use common usernames and attempt thousands of password combinations until they breach the system.

As hackers develop better methods and algorithms to successfully breach accounts, higher complexity in passwords is essential.

Elevated accounts, such as Administrative accounts should be changed periodically to a high standard of complexity. User accounts, especially those with remote access should be restricted by a policy that enforces password complexity. 

If you cant remember when your administration passwords were last changed, its time to do it.

One of the biggest risks is from parties that were given a password to your system at at time when they needed it. These persons now have the keys to your system and may have moved on to another company, or even your competition. Other 3rd parties may have been given access to do an integration with their own product and no longer need access.