Webmail weak password
Description
A webmail account has been configured with a weak or easily guessable password that was successfully identified through automated credential testing. Weak passwords include common dictionary words, default credentials, simple patterns, or passwords derived from usernames. These credentials fail to provide adequate protection against brute-force and dictionary-based attacks, allowing unauthorized access to email accounts.
Remediation
Implement and enforce a comprehensive password policy that requires:
1. Minimum password length of at least 12 characters
2. Complexity requirements including uppercase letters, lowercase letters, numbers, and special characters
3. Prohibition of common dictionary words, usernames, and previously breached passwords
4. Regular password rotation (every 90 days recommended)
5. Account lockout mechanisms after multiple failed login attempts
Additionally, implement multi-factor authentication (MFA) for all webmail accounts to provide defense-in-depth protection. Consider deploying a password manager to help users generate and store strong, unique passwords. Immediately reset the compromised account password and review access logs for any suspicious activity.
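Rules 1 to 3 of the policy above can be enforced when a password is set or changed. The following is an added example, not part of the original advisory or of any webmail product: the function names, the BLOCKLIST contents and the substitution table are assumptions, and the blocklist is a small constructed sample standing in for a real dictionary and breached-password corpus.

```python
import re
import unicodedata

# Constructed sample blocklist standing in for a real breached-password /
# dictionary corpus (assumption: production would load a much larger list).
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "webmail", "summer"}

# Common character substitutions undone before comparing against words.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # rule 1 of the policy


def _normalize(text):
    """Lowercase, strip accents, undo substitutions, keep letters only."""
    text = unicodedata.normalize("NFKD", text).lower().translate(LEET)
    return re.sub(r"[^a-z]", "", text)


def check_password(password, username):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    # Rule 2: all four character classes must be present.
    classes = {
        "uppercase": r"[A-Z]", "lowercase": r"[a-z]",
        "digit": r"[0-9]", "special": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing_" + name)
    core = _normalize(password)
    # Rule 3a: derived from the mailbox name, forwards or reversed.
    local = _normalize(username.split("@")[0])
    if len(local) >= 3 and (local in core or local[::-1] in core):
        problems.append("contains_username")
    # Rule 3b: the password is mostly a blocklisted word plus decoration.
    for word in BLOCKLIST:
        if word in core and len(word) * 2 >= len(core):
            problems.append("blocklisted_word")
            break
    return problems
```

A password such as "Welcome2024!" satisfies the length and complexity rules yet is still rejected here, which is why the blocklist and username checks matter alongside rules 1 and 2.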