Sensing that Microsoft's PPTP protocol was as vulnerable to dictionary attacks as Cisco's LEAP protocol, Ou asked Joshua Wright, who cracked LEAP, to see whether the same techniques used to compromise LEAP could also be used on PPTP. Dictionary attacks thrive on the bad habits of users whose passwords are everyday words or names that can be found in a hacker's "dictionary." Such words make up the majority of passwords in use today. At Ou's request, Wright succeeded in cracking into PPTP-protected resources that relied on the MSCHAPv2 authentication protocol (which most PPTP VPNs use). While wireless networks are most at risk, the attack is also possible in wired scenarios. When PPTP's susceptibility to dictionary attacks was brought to Microsoft's attention, Microsoft treated the report as non-critical and offered several recommendations that Ou found to be quite unreasonable. Instead, Ou recommends, it's time to ditch those PPTP-based VPNs in favor of ones based on the much more secure L2TP/IPsec protocol.