How to Avoid Weak Passwords in Active Directory
Weak or stolen passwords are involved in more than 80% of data breaches according to Verizon DBIR. This poses a risk and is a common concern among CISOs (Chief Information Security Officer), IT Security Managers & Compliance Team. One of the best practice is to prevent this is to implement password policies to prevent weak passwords and attempt to make stolen passwords irrelevant through regular and frequent change of passwords.
The Challenge
Weak Passwords in Active Directory means Trouble
How would you know if you have old and weak passwords in your Active Directory?
Are unencrypted passwords present?
Eliminate accounts that are easy targets
How can this pose a threat to your company?
Modern attacks with passwords can originate from some of these strategies:
Rainbow tables: When a WEB solution is breached the hackers can see the e-mail account, and this helps them to identity corporate accounts. The hackers hope that the person uses the same password for corporate use and for the hacked system. The password is probably hashed however. The criminal then compares the hashed value against hashed values of 5-10000 well-known passwords to find matches. When a match is found, the hacker will use it in an attack on that company.
Spray attack: The hacker knows that users try to make passwords simple and easy to remember. This is often done by using easy-to-remember phrases. This means that company name, product name themes or other words related to the employer are often part of the password. Combine this with month, year and season the hacker can simply try as many combinations as possible for as many accounts as possible – and he might be lucky!
CISOs, IT Security and others in charge of company’s cyber security want to prevent these attack types to avoid data breaches.
The Solution
One of the recommended first steps would be planning the implementation and regular audits. It is important to know your baseline.
A password audit tool is a powerful auditor that can give insights on your Active Directory positioning when it comes to the security of your Users’ Account Passwords.
Look for a password audit tool that also shows the statistics on weak and common passwords, weak encryption and more.
FastPassCorp together with our partner KSS offers a Free Password Audit Tool to give you the best overview of potential risks with the passwords in your Active Directory.
It is a safe tool developed by Global Specialists in IT Solutions Security & Credentials and has guaranteed 100% password encryption during the audit.
Bring knowledge to your decisions – and get the right information to help prioritize your decisions regarding password risks. You can get the Free Password Audit Tool and there are no future costs either. The tool was developed with the vision and purpose to create more Secure Enterprise Passwords and helping companies to mitigate risks of data breaches.
