Microsoft (MS) announced recently that data collected by its network of honeypot servers, that most brute-force attackers primarily attempt to guess short passwords, with very few attacks targeting credentials that are either long or contain complex characters.
“I analyzed the credentials entered from over >25 million brute force attacks against SSH. This is around 30 days of data in Microsoft’s sensor network,” said a security researcher at Microsoft. 77% of attempts used a password between 1