Why your password policy should include a custom dictionary wordlist

October 3, 2024 at 10:15PM Custom dictionaries are essential for strengthening password security. They block the use of common words, industry and organization-specific terms, and easily guessable patterns, adding an extra layer of defense against targeted attacks. Integrating custom dictionaries with tools like Specops Password Policy enhances Active Directory password security and reduces the risk … Read more

Why your password policy should include a custom dictionary

October 3, 2024 at 10:39AM Weak and easily guessable passwords can leave organizations vulnerable to cyber threats. Integrating a custom dictionary into password policies can protect against targeted attacks, brute force methods, and industry-specific vulnerabilities. Specops Password Policy enables seamless integration of custom dictionaries into Active Directory, bolstering overall password security and compliance with industry … Read more

Why ‘Never Expire’ Passwords Can Be a Risky Decision

September 23, 2024 at 08:06AM The text discusses the impact of password expiry policies, exploring the reasons behind them and the potential drawbacks. It highlights concerns about weak password reuse, IT burden, and compromised password risks. It also suggests implementing a comprehensive password strategy, advocating for longer and stronger passwords alongside measures to detect compromised … Read more

Prevent Account Takeover with Better Password Security

June 6, 2024 at 06:18AM Tom, an employee at a financial institution, unknowingly used his strong password for multiple accounts, leading hackers to compromise his credentials and potentially launch an account takeover attack. These attacks are hard to detect because they involve legitimate user credentials. Implementing strong password security and multi-factor authentication is crucial to … Read more

Cybersecurity Training Not Sticking? How to Fix Risky Password Habits

February 26, 2024 at 11:01AM Organizations invest in cybersecurity training programs to improve security and mitigate risks posed by end-users. However, training has limitations in changing behavior around passwords, as end-users prioritize convenience and efficiency over security. Despite being educated on best practices, many still reuse passwords, undermining organizational security efforts. Six ways to augment … Read more

4 Ways Hackers use Social Engineering to Bypass MFA

February 12, 2024 at 06:27AM The article emphasizes the importance of multi-factor authentication (MFA) in enhancing password security. It highlights four social engineering tactics hackers use to bypass MFA, including AITM attacks, MFA prompt bombing, service desk attacks, and SIM swapping. It stresses the significance of robust password security alongside MFA and suggests using tools … Read more

How to Apply Zero Trust to your Active Directory

February 7, 2024 at 10:27AM As remote work becomes more prevalent, organizations need to move away from traditional trust models and embrace a zero trust approach for secure access. This involves rigorous authentication for every user, device, and network component. Implementing the principle of least privilege and using multifactor authentication are recommended strategies to bolster … Read more

How to secure AD passwords without sacrificing end-user experience

January 24, 2024 at 10:19AM Hackers attempted 1,287 password attacks per second in 2022, highlighting the importance of strong password security. Many users still use easy-to-guess passwords, creating security vulnerabilities. Organizations can promote longer, unique passwords and correlate password expiration with password length to enhance security. Tools like Specops Password Policy can help enforce these … Read more

Protect your Active Directory from these Password-based Vulnerabilities

December 14, 2023 at 11:25AM Active Directory (AD) is a prime target for threat actors due to its role in identity management. Vulnerabilities like Kerberoasting, password spraying, default credentials, and privilege escalation pose significant risks. Specops Password Policy and Specops Password Auditor offer solutions to safeguard against these threats, through strong password enforcement and breach … Read more

Your end-users are reusing passwords – that’s a big problem

November 2, 2023 at 10:11AM Password reuse is a dangerous vulnerability that IT teams struggle to detect. According to a TechRepublic survey, 53% of people admit to reusing passwords, making it easier for hackers to gain access. Verizon estimates that 86% of attacks start with compromised credentials. Organizations need to take steps to mitigate this … Read more