Today is World Password Day and organizations are unfortunately still reliant on archaic password strategies that put the onus on users to create and remember numerous complex and constantly changing password strings. It’s no wonder that this approach is an abject failure. Enterprises need to take steps to address the password problem and ensure that only strong, unique and uncompromised passwords are in use.
So, what can organizations do to strengthen their defenses? There are three steps to adhere to:
- Prevent the use of weak, similar or old passwords.
- End mandatory password resets: they don’t improve security.
- Check credentials continuously – NIST recommends that companies verify that passwords aren’t already compromised before being activated and monitor those passwords on an ongoing basis.
Preventing the use of exposed credentials is the key to shoring up password vulnerabilities. Most organizations are oblivious not only to the size of the problem but also to how technology can solve it.
Enzoic wants to end the misery and help enterprises by providing free access to Enzoic for Active Directory Lite. This mini version of our Enzoic solution audits your Active Directory environment and flags which employees are using known compromised passwords. The audit reveals the number of compromised credentials already in use by checking passwords against our proprietary database of multiple billions of exposed passwords. You can check out the details here.
Once the review is complete, it will provide a list of users in your domain, along with each individual’s compromise status and whether any of the user accounts are sharing passwords. This is a great way to get a quick snapshot of the state of your domain’s password security. We are sure you will find the results illuminating. Of course, once you have the audit findings, we can help you make the move to the full-blown Enzoic for Active Directory solution for continuous, automated protection.
If you want to end your password nightmares and the burden on your IT team, then it’s time to check out Enzoic for Active Directory. Find out more here.
*** This is a Security Bloggers Network syndicated blog from Enzoic authored by Kim Jacobson. Read the original post at: https://www.enzoic.com/compromised-credentials-conundrum/