Planning your next password security project
Enforcing strong passwords is one of the most important things a business can do to keep assets secure
15 September 2020
In association with SpecOps Software
The shift to remote work has been an adjustment for many organisations. With the initial task of getting users up and running complete, businesses must now be prepared to protect the new security perimeter.
The National Cyber Security Centre (NCSC) of Ireland has published a Working From Home advisory to help businesses and citizens navigate through these new challenges. The advisory includes a summary of key threats, as well as best practices for remote access, including home router hardening, remote conferencing, use of work-issued devices, and more.
Not surprisingly, the guidance also includes the NCSC’s Password Advice. The Secure Password Policy is a standing section in all NCSC documentation. With poor password management still the main driver of the majority of security breaches, both in Ireland and globally, enforcing strong passwords is one of the most important things that a business can do to keep its assets secure.
The NCSC’s Password Advice shouldn’t be new for system administrators. In short, it recommends passphrases, multi-factor authentication, and password managers, and it discourages password reuse as well as the use of dictionary words or personal words as passwords.
Many businesses, specifically those on Windows systems, can turn to native defences to implement these recommendations. The password settings in the default domain policy can set basic requirements including password length, maximum age, and complexity. However, Windows does not include any sort of enforcement against reuse, dictionary words, or personal words.
If an organisation wants to actively prevent users from using dictionary or personal words, rather than depending on its end-users to make good security choices, it will need additional password tools.
To help businesses plan their next password security project, and identify a suitable third-party password tool, Specops Software offers a free password auditing tool for Active Directory. Specops Password Auditor helps system administrators identify their password-related vulnerabilities, including risk level against common threats, and an overview of the accounts impacted.
While the Working From Home advisory does not include any recommendations on identifying or blocking the use of leaked passwords, Specops Software recommends this strategy for all businesses that suspect password reuse. This approach can protect an organisation when a user password is uncovered in a breach unrelated to a business, and an attack with the same password is attempted against the business.
Specops Password Auditor can be used to identify how vulnerable a business is against a breached password list. If a large number of accounts are using leaked passwords in any given environment, a breach protection service, such as Specops Password Policy, is needed to prevent and block the use of leaked passwords.
Specops Password Auditor is a read-only program, and does not store Active Directory data.