, resulting from the highly publicized Yahoo and LinkedIn breaches that exposed millions of users’ passwords to the public and for sale on the dark web. Research has revealed that about 35% of the leaked LinkedIn passwords were already known from previous password dictionaries, making them vulnerable on other accounts. Researchers at behavioral firewall company Preempt took a look at the LinkedIn credentials and also found that 65% of the leaked passwords can be easily cracked with brute force using standard off-the-shelf cracking hardware.

The study also looked at general password intelligence and found that password rules, which many enterprises employ, can allow users to create weak passwords that can easily be cracked—and many individuals use the same password for multiple accounts, signaling a password epidemic amongst organizations and their users.

“One thing is certain, any person that used the same password for LinkedIn as they did for their work account (or other account), is currently vulnerable within these other accounts,” said Preempt researcher Eran Cohen, in a blog. “Unfortunately, there are many users that don’t make that connection. Their LinkedIn account was breached, so they just change their LinkedIn password, not realizing that if they are using that same password elsewhere, they are actually exposed in all of those places as well. For IT security teams, this is an unknown vulnerability they have to deal with.”

Overall, the examination showed that low-complexity passwords can be cracked in less than a day, medium-complexity passwords are cracked in less than a week and high-complexity passwords are cracked in less than a month.

“Users reuse passwords. They rotate them. Add a digit to them. And even use identical or share passwords with others,” said Cohen. “As data scientists, it is our job to go deeper, and identify the common human behavior. For example, we’ve seen how local culture impacts passwords, where local football team names are commonly used as passwords. The problem is that only about 1% of people care and are aware that passwords are based on patterns and these patterns can be tracked or broken.”

To stay safe, companies should use a password policy to enforce complexity and password expiration; require longer passwords (8 bad, 10 ok, 12 good); implement a context-based solution to train and enforce password policy based on users' activity; add additional factors to authenticate users; and educate people to avoid sharing passwords with other employees and cloud services. They should also avoid the use of simple patterns, personal data or common words; and employees shouldn’t repeat passwords when a password expires (enumeration included).
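
A change-time check covering three of these recommendations (length tiers, common words, and reuse by enumeration) could look like the following added example, which is not code from Preempt or the article. The function names, the `KNOWN_LEAKED` sample set, and the reading of "8 bad, 10 ok, 12 good" as thresholds are assumptions; the old password is assumed to be available because the user submits it on the change form.

```python
import re

# Constructed sample standing in for a breached-password dictionary (assumption).
KNOWN_LEAKED = {"password", "linkedin", "123456", "arsenal", "qwerty"}

def length_tier(pw):
    """Article's guidance read as thresholds: below 10 bad, 10-11 ok, 12+ good."""
    n = len(pw)
    if n >= 12:
        return "good"
    if n >= 10:
        return "ok"
    return "bad"

def stem(pw):
    """Lowercase and strip leading/trailing digits and symbols, so that
    'Summer2016' and 'summer2017!' reduce to the same base word."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

def is_enumeration(old, new):
    """True when new repeats old, or differs only in its digit/symbol affix."""
    s_old, s_new = stem(old), stem(new)
    return old == new or (bool(s_old) and s_old == s_new)

def check_change(old, new, leaked=KNOWN_LEAKED):
    """Return the policy violations for a password change (empty list = accept)."""
    problems = []
    if length_tier(new) == "bad":
        problems.append("too_short")
    if new.lower() in leaked or stem(new) in leaked:
        problems.append("known_or_common_word")
    if is_enumeration(old, new):
        problems.append("reuse_or_enumeration")
    return problems

if __name__ == "__main__":
    # Constructed inputs: a rotated password, a team name with a digit, a passphrase.
    for candidate in ("Summer2017!", "Arsenal1", "copper-lantern-orbit-47"):
        print(candidate, check_change("Summer2016", candidate))
```

In production the leaked set would be a full breached-password list rather than five entries, and the check would run server-side before the new password is hashed and stored.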