Securing Passwords from Create to Retire
Organizations are in a non-stop battle to protect their networks and meet their data security responsibilities in the face of ever-increasing cyberattacks. A key challenge is ensuring that users create secure passwords: four out of five hacking-related breaches involve unsafe password practices.
In the current threat environment, a password policy must reject passwords that were exposed in previous data breaches. Cybercriminals abuse passwords every day, capitalizing on credentials harvested from those breaches. Once an attacker holds a single password for a user, even one from a personal account, they have a starting point for password attacks against that user's other accounts.
Attackers know that users often reuse the same password, or apply only minor changes to it, across different sites. Replaying the compromised credential as-is (credential stuffing) or applying predictable transformations to it (Summer2023! becoming Summer2024!) is frequently enough to gain unauthorized access.
Today, effective password security involves screening each password when it is created and then continuously monitoring it for the rest of its useful life, until it is identified as no longer safe to use.
Creating Safe and Secure Passwords
The password lifecycle starts with setting a new password. It is essential to check that the new password is not too similar to the user's previous password and has not appeared in a data breach or in a cracking dictionary.
With Enzoic for Active Directory, organizations can ensure that users do not select a password that is identical to, or a small variation of, their previous password. It also checks the candidate against commonly used passwords, makes sure that context-specific words (the user's name, the company's name) are not part of the password, and rejects passwords that have appeared in data breaches.
Staying Ahead of Passwords Exposed in New Data Breaches
Enzoic for Active Directory screening includes securely checking each new password against Enzoic's comprehensive database of cracking dictionaries and exposed credentials. Compromised-credential screening is only as good as the currency of the list it checks against, so that list must cover the most recent breaches. Enzoic's threat analyst research team and automated intelligence-gathering processes update its proprietary cloud database of billions of exposed, breached credentials multiple times per day, pulling exposed password data from the public internet, the Dark Web and its cloaked hacker forums, and private sources.
If a user's prospective password is determined to be unsafe, Enzoic for Active Directory rejects it automatically and requires the user to choose a different one, so only passwords that pass screening are ever set in Active Directory.
Keeping Secure Passwords Over Time
A password can continue to serve its user well throughout an extended lifecycle as long as it stays out of subsequent data breaches and the cracking dictionaries built from them.
Trying to maintain password security through forced periodic resets can have the opposite effect: it discards a password that is still uncompromised and replaces it with whatever the user picks next, which may itself be compromised and is often just a simple edit of the same root password (an incremented number, a new suffix). That predictable transformation is exactly what attackers try first, which is why NIST SP 800-63B advises against requiring periodic password changes and recommends forcing a change only when there is evidence of compromise.
Retiring Unsafe Passwords
Detecting when a previously secure password has been compromised is vital to an organization's overall security. Enzoic for Active Directory alerts the organization whenever a user's current password matches an entry in Enzoic's continuously updated catalog of compromised credentials. The match then triggers the organization's choice of automatic responses: disable the account immediately; alert systems administrators or the helpdesk; prompt the user to change their password at next logon; or a combination of these actions.
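As an added example (not Enzoic's code, and not a description of how its product works internally), the following Python script models the whole lifecycle described on this page: `screen` implements the creation-time checks from the earlier section (similarity to the previous password after normalising the decorations users add to a reused root, a common-password list, context words such as the user and company name, and a compromised-credential lookup), and `daily_checkup` implements the retirement step above, re-checking every retained hash against the current catalog and applying the configured responses once per compromised password. Everything it relies on is constructed or assumed: the `CATALOG` set stands in for a breach database, the leet substitution table and the 0.8 similarity threshold are arbitrary policy choices, the prefix-based `catalog_range` lookup is an assumed k-anonymity style query rather than any vendor's protocol, and the demo assumes the previous password and an unsalted SHA-1 of the current one are available for comparison, which is a simplification to keep the example short, not a storage recommendation.

```python
# Added example: creation-time screening plus ongoing re-checking (not Enzoic's code).
import hashlib
import re
from dataclasses import dataclass, field
from difflib import SequenceMatcher

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a continuously updated compromised-credential catalog.
# Keyed by SHA-1 so plaintext never sits in the table; a real catalog holds billions.
CATALOG = {sha1_hex(p) for p in ["Summer2023!", "P@ssw0rd", "Welcome1", "letmein"]}
COMMON = {"password", "qwerty", "welcome", "iloveyou", "football"}  # constructed list
# Assumed substitutions to undo before comparing roots (p@ssw0rd -> password).
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "$": "s", "7": "t"})

def record_breach(password: str) -> None:
    """Simulate the catalog being updated with a newly exposed password."""
    CATALOG.add(sha1_hex(password))

def catalog_range(prefix: str) -> set[str]:
    """Assumed k-anonymity style lookup: the client sends only a 5-hex-char prefix,
    receives every suffix in that range and compares locally. Reads CATALOG here."""
    return {h[5:] for h in CATALOG if h.startswith(prefix)}

def is_compromised_hash(digest: str) -> bool:
    return digest[5:] in catalog_range(digest[:5])

def root_of(password: str) -> str:
    """Strip the decoration users add around a reused root: 'Summer2023!' -> 'summer'."""
    s = password.lower()
    s = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", s)  # leading/trailing digits and symbols
    return re.sub(r"[^a-z]", "", s.translate(LEET))

def screen(candidate: str, previous: str, context_words: list[str], similarity: float = 0.8) -> list[str]:
    """Creation-time policy. Returns the violations found; an empty list means accepted."""
    reasons = []
    root, prev_root = root_of(candidate), root_of(previous)
    if prev_root and (root == prev_root or SequenceMatcher(None, root, prev_root).ratio() >= similarity):
        reasons.append("similar-to-previous")
    if root in COMMON:
        reasons.append("common-password")
    if any(len(w) >= 4 and w in root for w in map(root_of, context_words)):
        reasons.append("contains-context-word")
    if is_compromised_hash(sha1_hex(candidate)):
        reasons.append("compromised")
    return reasons

@dataclass
class Account:
    sam: str
    password_hash: str = ""   # assumed: checker retains an unsalted hash to compare with the catalog
    enabled: bool = True
    must_change: bool = False
    alerts: list[str] = field(default_factory=list)
    handled_hash: str = ""    # which hash already triggered a response, so checkups are idempotent

def set_password(acct: Account, candidate: str, previous: str, context_words: list[str]) -> list[str]:
    """Create step: reject on any violation, otherwise retain the hash for later checkups."""
    reasons = screen(candidate, previous, context_words)
    if not reasons:
        acct.password_hash, acct.must_change = sha1_hex(candidate), False
    return reasons

def daily_checkup(accounts: list[Account], policy: tuple[str, ...]) -> list[tuple[str, str]]:
    """Retire step: re-check every retained hash against the current catalog and apply the
    configured responses (any combination of the three) once per compromised password."""
    events = []
    for acct in accounts:
        h = acct.password_hash
        if not h or h == acct.handled_hash or not is_compromised_hash(h):
            continue
        acct.handled_hash = h
        for action in policy:
            if action == "disable_account":
                acct.enabled = False
            elif action == "require_change_at_logon":
                acct.must_change = True
            elif action == "notify_helpdesk":
                acct.alerts.append(f"{acct.sam}: current password appears in the compromised catalog")
            else:
                raise ValueError(f"unknown response action {action!r}")
            events.append((acct.sam, action))
    return events

def demo() -> dict:
    """Walk one constructed account through create, maintain and retire."""
    acct, ctx, prev = Account("jsmith"), ["jsmith", "Acme"], "Summer2023!"
    rejected = {c: set_password(acct, c, prev, ctx) for c in ["Summer2024!", "P@ssw0rd", "AcmeRocks2024"]}
    accepted = set_password(acct, "correct horse battery staple", prev, ctx)  # [] -> hash retained
    policy = ("disable_account", "notify_helpdesk", "require_change_at_logon")
    day1 = daily_checkup([acct], policy)            # nothing: the passphrase is not in the catalog yet
    record_breach("correct horse battery staple")   # a new dump exposes it
    day2 = daily_checkup([acct], policy)            # responses fire, once
    day3 = daily_checkup([acct], policy)            # same hash already handled: quiet
    return {"rejected": rejected, "accepted": accepted, "day1": day1, "day2": day2, "day3": day3,
            "enabled": acct.enabled, "must_change": acct.must_change}
```

Calling `demo()` walks the constructed account through the three stages: `Summer2024!` is rejected as a variation of the previous password, `P@ssw0rd` as both a dictionary word and a known-breached credential, `AcmeRocks2024` for containing the company name, and the passphrase is accepted. The first checkup is silent, the second fires the full response set after the passphrase turns up in a breach, and the third stays silent because the same hash has already been handled; a subsequent password change produces a new hash and is checked afresh.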
Create, Maintain, Retire – Security throughout the Lifecycle
Organizations using Enzoic for Active Directory know that their users' passwords are screened throughout the credential's lifecycle. Enzoic for Active Directory prompts users to create strong passwords and then verifies that those credentials are uncompromised. It maintains password security through daily password checkups and retires a credential as soon as it is found to be compromised or exposed.
*** This is a Security Bloggers Network syndicated blog from Enzoic authored by Kim Jacobson. Read the original post at: https://www.enzoic.com/the-lifecycle-of-a-password/