Identity and Access Management Capability: Password Complexity Management

Passwords are still one of the most dominant forms of authenticating users. With the number of data breaches in the news constantly on the rise, it’s astounding that people still use passwords like “password” or “123456,” the two most popular passwords of 2018. The challenge for IT admins is finding the best ways to help, and where necessary require, their end users to create strong, intricate passwords. The identity and access management capability for password complexity management is helping IT admins accomplish this task.

Passwords Through the Years

Historically, user identities were located on-prem, generally in a directory service like Microsoft® Active Directory®. Identities were mainly used to log in to the user’s system, which gave them instant access to their Windows-based networked resources. Because the identity was primarily used to access these on-prem machines, passwords only had to be complex enough to prevent a potentially mischievous coworker from changing your desktop background.

That all changed with the advent of the Internet, as user accounts became accessible from virtually anywhere. Hackers realized that the fastest way to compromise networks and access confidential information, credit cards, social security numbers, and more was through user identities. And so, the war against passwords began. A whole generation of approaches to compromising identities, including phishing, began its onslaught on weak passwords.

Enforcing Strong Passwords

In the cat-and-mouse game of IT security, admins and MSPs started to realize that they needed to teach their end users how to create strong passwords and then enforce their password requirements through tooling. To best protect identities, passwords needed to be longer, more complex, unique, and rotated appropriately. In fact, many compliance statutes started to require a variety of password complexity settings.

While training end users was a great start, many IT organizations required an identity and access management capability for password complexity management. It became a major hassle to use add-on solutions to enforce password requirements, instead of having the directory do the job itself. This feature of an IAM platform would ensure that an organization’s settings would be met by all users (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/password-complexity-management-iam-capability/

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.