Microsoft cybersecurity specialist shared some interesting statistics: most cybercriminals prefer to brute-force passwords no longer than 7 characters, and only a small percentage of attacks target long passwords containing special characters.

The researcher collected statistics for this analysis from numerous honeypot servers, which he manages on duty, studying the trends among attackers:

I analyzed the credentials used in over 25,000,000 brute-force attacks on SSH. In 77% of cases, brute force was directed to passwords from 1 to 7 characters. A password longer than 10 characters was encountered only in 6% of cases.Ross Bevington, a Microsoft expert, told the company.

The [...]