Weak Host Password

Risk Level

Hazardous (3)

Compliance Frameworks
  • Orca Best Practices

About Weak Host Passwords

Many authentication mechanisms rely on passwords to verify the identity of a user. A password is supposed to be private information, a secret that only you and the system know.

25% of all cyber-breaches are caused by compromised credentials

Passwords have become more prone to compromise than ever before. People are naturally inclined to use personal information in their passwords, like nicknames, names of their partners, children, and pets, birthdays, etc. Since a lot of this information is obtainable through social engineering, it makes the password-hacking process a lot easier and faster.

It’s critical to choose passwords that abide by the recommended complexity and uniqueness requirements, especially when talking about passwords of user accounts on servers and other internal resources.

Cloud Risk Description

Weak passwords of local user accounts of an operating system are highly susceptible to cyberattacks. A compromise could lead to system takeover and data loss.

Brute-force attacks can enable malicious actors to acquire passwords and then gain unauthorized access. During a brute-force attack, a malicious actor repeatedly tries different password combinations, until they find the right one.

Modern computing power allows trying thousands of alphanumeric combinations per second, which often means that if a brute-force attempt runs long enough, the cybercriminal may eventually get a match. If it is a commonly used or default password, they may get a hit much sooner.

How Does Orca help?

Orca employs multiple methods to identify poor password hygiene, including commonly used passwords, complex passwords that are reused across multiple applications and services, and highly secure passwords that have been leaked. Orca ensures password policy settings in your cloud meet industry guidelines around the use of MFA, minimum password length, use of special characters, password age, password reuse, and more.

Orca looks for weak host passwords and will alert on this type of issue as shown in the screenshot above.


Orca Security, the cloud security innovation leader, provides cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.