Hackers are using weak and stolen credentials in a significant way to compromise business-critical environments. Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on other vulnerabilities. Therefore, using good password security and robust password policies is an excellent way for organizations to bolster their cybersecurity posture. Strong password security policies are essential, here are the 5 best ways to ensure an effective password:
- Encourage the use of passphrases– Passphrases offer many benefits over traditional passwords. They are easier to remember than passwords with special characters. They are much longer and stronger passwords that can be unpredictable for attackers who hope to compromise accounts.
- Don’t throw away password expiry– Password expiry or password aging forces a password change once the password reaches a certain age. It can take up to 280 days to discover you’ve been breached so password expiry is used to mitigate this.
- Implement breached password protection– Using a breached password check service is a critical part of compliance in order to find a password has become breached or a user is attempting to use a password that is breached. Enabling this protection on accounts helps protect against the large databases of passwords that hackers are using in password spraying attacks and other dictionary-based attacks.
- Use password dictionary checks– Using this provides a way to check passwords against very commonly used passwords that may satisfy complexity requirements but are extremely weak. This also allows organizations to create their own customized dictionaries to prevent users from forming passwords that contain the business name or other easy to guess characteristics.
- Use account lockout policies- Cybersecurity authorities recommend using a means to limit the number of failed authentication attempts with a specific user account.
Your company can easily implement these types of features and audit your password policies against industry-standard password policy recommendations by using a free read-only tool. In addition, Specops Password Policy, the paid option, provides organizations to extend the built-in features given with the native Active Directory Password Policy. Specops Password Auditor also easily allows IT admins to audit existing password policies against the leading industry-standard password policies and see how their password policies measure up. It also enables the creation of a professional executive summary report which generates a professional, detailed report that can be handed over to auditors and business leaders. Overall, it is important for businesses to evaluate their current password policies and see how these compare to the current best practice recommendations in order to have the best possible cyber security.