Savvy cybercriminals will attempt to use context-specific passwords to gain access to Active Directory in targeted attacks. They know that:
- Companies headquartered in Boston are more likely to have employee passwords that include “GoPatriots”, after the New England Patriots
- Because many organizations enforce quarterly forced password resets, many employees include a season in their password, such as “Winter2020”
- Many people include their company name in their password
- Many employees will include a product name in their password
Attackers exploit context-specific passwords because they are commonly used by employees. To combat this, companies need the ability to create a custom password dictionary filter in Active Directory.
With Enzoic for Active Directory, organizations can add up to 5,000 custom passwords stored locally that will be screened and blocked at creation.
These context-specific passwords can be a local sports team, years, product names, company names, office locations, etc.
Custom passwords are matched partially and case-insensitively, so any password that contains a listed word is blocked. If fuzzy matching is turned on, the custom entries are also fuzzy matched.
For example, if your custom password dictionary includes the word “GeneralElectric”, users are not allowed to use that word anywhere in a password, so a password like “ILovegeneralElectric” is blocked.
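To make the matching rules above concrete, here is an added example (not Enzoic's code) of a custom-dictionary check that is partial and case-insensitive, with an optional fuzzy mode. The post does not say how its fuzzy matching works, so the leet-style character normalisation below is an assumption; the dictionary entries are constructed from the terms mentioned in the post.

```python
# Constructed custom dictionary of context-specific terms from the post.
CUSTOM_DICTIONARY = ["GeneralElectric", "GoPatriots", "Winter", "Boston"]

# The post states the local dictionary holds up to 5,000 entries.
MAX_DICTIONARY_ENTRIES = 5000

# ASSUMED fuzzy-match normalisation: common character substitutions folded
# back to letters so "g3neral" compares equal to "general".
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def validate_dictionary(dictionary):
    """Reject a dictionary larger than the documented 5,000-entry limit."""
    if len(dictionary) > MAX_DICTIONARY_ENTRIES:
        raise ValueError("custom dictionary exceeds 5,000 entries")
    return dictionary


def normalize(text, fuzzy=False):
    """Case-insensitive comparison; fuzzy mode also folds substitutions."""
    text = text.lower()
    if fuzzy:
        text = text.translate(LEET_MAP)
    return text


def find_blocked_term(password, dictionary=CUSTOM_DICTIONARY, fuzzy=False):
    """Return the dictionary term that blocks `password`, or None if allowed.

    Partial match: the term may appear anywhere inside the password.
    Case-insensitive: both password and term are lower-cased first.
    """
    candidate = normalize(password, fuzzy)
    for term in validate_dictionary(dictionary):
        if normalize(term, fuzzy) in candidate:
            return term
    return None


def is_allowed(password, dictionary=CUSTOM_DICTIONARY, fuzzy=False):
    """True when no custom-dictionary term is found in the password."""
    return find_blocked_term(password, dictionary, fuzzy) is None
```

With fuzzy matching off, a substituted spelling such as “g3neral3lectric” slips through; turning it on catches it as well.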
To learn more about password filtering that includes common passwords, similar passwords, expected passwords, and custom password dictionaries, please visit https://www.enzoic.com/wp-content/uploads/Automate-Password-Policy-Enforcement-NIST-Password-Guidelines.pdf.
*** This is a Security Bloggers Network syndicated blog from Enzoic authored by Enzoic. Read the original post at: https://www.enzoic.com/preventing-context-specific-passwords-in-active-directory/