Of course, one Administrator can build the best protections to avoid intrusion on your system, but if your users use always the same predictable passwords there’s no way out.
According to a Keeper Security study, here is a list of the most common passwords ever produced consciously by users:
But there’s more. If a user uses a “single word” included in any languages’ vocabulary, his password can be easily detected using the Dictionary attack.
It could be implemented thanks to a script that progressively tries all the words of all languages’ vocabulary. An approximate number of all words known in the world is 5,000,000 considering Chinese and Italian languages. But the list of most common words is lighter: it consists in a dictionary of 60-100,000 words.
How much time does a script take to test all of them to penetrate your system? Minutes.
It’s an easy but effective technique.
In order to protect your system against this kind of attack you should force users to have at least a number, a special character or an uppercase letter in their password.
A preventive test could be done here: Password Checker.