Date: 2025-03-20

The Specops Software research team recently published new research that analyzed passwords being used to attack Remote Desktop Protocol (RDP) ports in live network attacks. The report reveals the 10 most common passwords attackers are using and analyzes their wordlists for the most common complexity rules and password lengths.

The launch of the report coincides with the latest addition of over 85 million compromised passwords to the Specops Breached Password Protection service. These passwords come from the Specops honeypot network and threat intelligence sources. The top 10 passwords most commonly used to breach RDP ports are:

123456

1234

Password1

12345

P@ssw0rd

password

Password123

Welcome1

12345678

Aa123456
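
Profiling the ten passwords listed above by length and character composition, the two properties the report examines in attacker wordlists, shows how many of them would pass a typical complexity rule. This is an added example, not code from Specops or the report; the policy thresholds (minimum length 8, at least three of four character classes) are assumptions.

```python
from collections import Counter

# The ten passwords listed on this page, in the order given.
TOP10 = ["123456", "1234", "Password1", "12345", "P@ssw0rd",
         "password", "Password123", "Welcome1", "12345678", "Aa123456"]


def char_classes(pw):
    """Return the set of character classes (lower/upper/digit/symbol) in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def meets_policy(pw, min_len=8, min_classes=3):
    """Assumed complexity policy: minimum length plus N distinct classes."""
    return len(pw) >= min_len and len(char_classes(pw)) >= min_classes


def profile(wordlist, min_len=8, min_classes=3):
    """Summarise a wordlist by length and composition, and list the entries
    that would be accepted by the assumed complexity policy."""
    lengths = Counter(len(p) for p in wordlist)
    compositions = Counter("+".join(sorted(char_classes(p))) for p in wordlist)
    compliant = [p for p in wordlist if meets_policy(p, min_len, min_classes)]
    return {"lengths": dict(lengths),
            "compositions": dict(compositions),
            "compliant": compliant}


if __name__ == "__main__":
    report = profile(TOP10)
    print("length histogram :", sorted(report["lengths"].items()))
    print("compositions     :", report["compositions"])
    print("pass the policy  :", report["compliant"])
```

Entries in the "pass the policy" list are accepted by complexity rules alone, so they are only rejected if the password is also checked against a list of known-compromised passwords.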

In addition to providing remote access capabilities to remote and hybrid workers, RDP also allows maintenance, setup, and troubleshooting to be carried out on remote servers, regardless of their location. It offers an easy way to remotely connect to corporate environments, which unfortunately also makes it a target for hackers.

Attackers are on the lookout for exposed RDP servers, as these can be easy targets for brute-force attacks. Additionally, attackers may conduct password spraying attacks on RDP servers and try known breached credentials on exposed servers. Many organizations find that monitoring RDP servers reveals hundreds if not thousands of failed login attempts on their servers from hackers, bots, ransomware attacks, and others.

Additional information from the report found: