NetSuite 25.2: Protecting Against Brute Force Attacks

Why This Matters

One of the most common ways attackers try to break into accounts is through brute force attacks. In these attacks, hackers use automated tools to try thousands or even millions of password combinations until they find one that works.

If a password has already been leaked elsewhere (for example, from another service that was hacked), attackers often add it to their brute force lists. That means if you reuse the same password across multiple accounts, your NetSuite login could be at risk.

How NetSuite Prevents Brute Force Attacks

With release 25.2, NetSuite introduced stronger password checks designed to stop these attacks before they succeed:

  • Checking passwords at login: Previously, NetSuite only checked passwords when you created them. Now, it also checks during login, blocking compromised passwords even if they were set earlier.
  • Blocking leaked passwords: If a password is found in NetSuite’s leaked password database, it cannot be used—even if it meets complexity rules.
  • Regular updates: The leaked password database is refreshed often, so newly exposed passwords are quickly blocked.

This means attackers can’t rely on brute force lists of leaked passwords to break into NetSuite accounts.
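The difference between checking only at password creation and also checking at login, as an added example (not NetSuite's code; the AccountStore class, its status strings, and the sample passwords are hypothetical and constructed for illustration):

```python
import hashlib
import hmac
import os

def fingerprint(password):
    # Leaked-password lists are typically stored as hashes, not plaintext.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

class AccountStore:  # hypothetical model, not a NetSuite API
    def __init__(self, leaked_passwords):
        self.leaked = {fingerprint(p) for p in leaked_passwords}
        self.users = {}  # username -> (salt, PBKDF2 hash)

    def refresh_leaked(self, newly_leaked):
        self.leaked |= {fingerprint(p) for p in newly_leaked}

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def set_password(self, user, password):
        # Creation-time check: the only check under the older behaviour.
        if fingerprint(password) in self.leaked:
            return "rejected_leaked"
        salt = os.urandom(16)
        self.users[user] = (salt, self._derive(password, salt))
        return "ok"

    def login(self, user, password, check_at_login=True):
        record = self.users.get(user)
        if record is None:
            return "invalid"
        salt, stored = record
        if not hmac.compare_digest(stored, self._derive(password, salt)):
            return "invalid"
        # Login-time check: catches passwords leaked after they were set.
        if check_at_login and fingerprint(password) in self.leaked:
            return "blocked_leaked"
        return "ok"

def demo():
    store = AccountStore(["Summer2024!"])            # constructed leak list
    results = [store.set_password("alice", "Summer2024!")]
    results.append(store.set_password("alice", "Tr0ub4dor&3x"))
    store.refresh_leaked(["Tr0ub4dor&3x"])           # leak list is refreshed later
    results.append(store.login("alice", "Tr0ub4dor&3x", check_at_login=False))
    results.append(store.login("alice", "Tr0ub4dor&3x"))
    results.append(store.login("alice", "wrong-guess"))
    return results
```

With the login-time check disabled, the password that leaked after it was set still logs in; with it enabled, the same correct password is blocked until it is changed.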

What You Should Do

To stay safe:

  • Use a unique password for NetSuite that you haven’t used anywhere else.
  • If NetSuite flags your password, change it immediately.
  • Enable multi‑factor authentication (MFA) for an extra layer of protection.

Final Note

NetSuite’s enhanced password checks are specifically designed to reduce the success of brute force and credential‑stuffing attacks. By combining these protections with good password habits, you make it much harder for attackers to gain access to your account.
