Automate Password Policy & NIST Password Guidelines

Enable automated password policy enforcement with daily password auditing and customizable remediation. With compromised password detection, a custom password dictionary, fuzzy matching with common character substitutions, and continuous monitoring, enterprises can easily adopt NIST password requirements and eliminate vulnerable passwords in Active Directory. Organizations can adopt NIST password guidelines to screen for weak, commonly-used, expected, and compromised passwords. Then they …

Password Cracking Dictionaries

Cracking Dictionaries: What You Need to Know

Passwords are the standard authentication factor across sites and systems, but how we deal with passwords has changed over time. Today, password hashing is a critical security measure organizations should leverage to protect passwords. Because many organizations leverage password hashing to protect passwords, cracking dictionaries have evolved to crack those password hashes. Here is a quick overview. What Are Cracking …

Password Blacklists: https://www.enzoic.com/password-blacklists/

Password Blacklists: Do They Provide Enough Protection?

A recent InfoSecurity Magazine article on password security posed a critical question, “A password blacklist should contain all of the passwords that a hacker will use to gain access to a system, but how many is the right number?” The answer is impossible to quantify as numerous breaches occur on a daily basis and newly compromised credentials are posted to …

Recommendations For HIPAA Password Compliance: https://www.enzoic.com/hipaa-password-compliance/

Recommendations For HIPAA Password Compliance

What is HIPAA Password Compliance and How Healthcare Organizations Can Comply with these Authentication Guidelines. HIPAA (Health Insurance Portability and Accountability Act) was introduced in 1996 but has become increasingly prominent in recent years due to the rise of data breaches in the industry. Data breaches have been on the rise across all industries in the past five years, but …

Password Rotation Policy

The Pros and Cons of Password Rotation Policies

Why Password Rotation Policies May No Longer Be Fit-For-Purpose In the Digital Age. Forced password resets have been a common feature of password policies for a long time and are still widely used. However, Microsoft and the NIST password guidelines recommend doing away with password rotation policies, claiming they don’t improve security – and can actually make it worse. Despite …

Enzoic for Active Directory 2.6 Dashboard

Introducing 1-Click NIST Password Standard Compliance & More

Introducing one-click NIST password standard compliance, user reporting that lists users who are using compromised passwords, and root password detection to prevent users from using root passwords. Microsoft’s Active Directory is used widely across companies and industries throughout the world and, unfortunately, it is one of the key targets for bad actors. Many organizations are adopting the use of password …

Exposed Password Screening

What is Exposed Password Screening?

Exposed password screening is the process of checking currently used passwords against passwords that have been exposed in a publicly known data breach. Once these passwords are exposed, they are considered to be compromised passwords. In 2017, the National Institute of Standards and Technology updated the NIST password guidelines, recommending exposed password screening. Since then, companies and organizations are …

Rethinking Digital Hygiene

With fears of global viruses escalating daily, physical hygiene is in the spotlight. Washing hands regularly with soap and water is a critical step to prevent the spread of many infectious diseases. But what about our digital health and digital hygiene? When it comes to digital hygiene, we must focus on ensuring that our passwords are not patient …

Preventing Context-Specific Passwords in Active Directory

Savvy cybercriminals will attempt to use context-specific passwords to gain access to Active Directory in targeted attacks. They know that: Companies that have headquarters in Boston will be more likely to have employee passwords that include “GoPatriots” due to the New England Patriots. Since many organizations enforce quarterly forced password resets, many employees will include seasons in their password like …

Preventing Common Passwords in Active Directory

Preventing common passwords in Active Directory is critical for protecting sensitive employee, user, and customer accounts. Why Should Organizations Screen for Regularly-Used Passwords? Many employees use weak passwords and are completely unaware of it. They can’t imagine their specific password is a common password that’s being chosen by other people as well. The organization and the employee both think their …