Prevent Account Takeover with Better Password Security
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put up for sale on the dark web. Before long, a threat actor will use Tom's legitimate email account to send a spear-phishing link to his CEO. This is a common account takeover scenario in which attackers gain unauthorized access to the organization's systems, putting critical information and operations at risk.
How weak and compromised passwords lead to account takeover
Weak passwords that are easy to guess or crack (a lowercase dictionary word, a commonly used word, digits only, etc.) make it very simple for attackers to compromise accounts.
Strengthen password security to prevent account takeover
Enforcing complex password requirements, such as a minimum length of 15 characters (a combination of uppercase and lowercase letters, numbers, and special characters), makes it harder for attackers to guess or crack passwords via brute-force or dictionary attacks.
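The complexity rules above, combined with a lookup against known-compromised passwords, as an added example that is not part of the original article. The function name, the sample passwords and the tiny breached list are constructed for illustration; a real deployment would load a breached-password corpus instead.

```python
import hashlib
import string

MIN_LENGTH = 15  # minimum length stated in the article

# Constructed sample data standing in for a breached-password corpus.
# Held as SHA-256 digests (lookup only, not a storage format) so the
# list itself carries no plaintext.
_CONSTRUCTED_LEAKED = ["password", "123456789012345", "Tr0ub4dor&3-Correct!Horse"]
BREACHED_DIGESTS = {
    hashlib.sha256(p.encode("utf-8")).hexdigest() for p in _CONSTRUCTED_LEAKED
}


def policy_violations(password, breached_digests=BREACHED_DIGESTS):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    required = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for label, alphabet in required.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"missing {label}")
    # Complexity says nothing about exposure: a long, complex password that
    # already appears in a breach dump (Tom's situation) is still rejected.
    digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
    if digest in breached_digests:
        problems.append("found in breached-password list")
    return problems


if __name__ == "__main__":
    samples = ["sunshine", "123456789012345",
               "Tr0ub4dor&3-Correct!Horse", "vN7#qLe2!mZx9@Rt4w"]
    for candidate in samples:
        result = policy_violations(candidate)
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
```

The third sample passes every complexity rule and is rejected only by the breach lookup, which is the case the complexity policy alone cannot catch.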
Reference: The Hacker News.