Exposed Password Screening

What is Exposed Password Screening?

Exposed password screening is the process of checking currently used passwords against passwords that have been exposed in a publicly known data breach. Once these passwords are exposed, they are considered to be compromised passwords. In 2017, the National Institute of Standards and Technology updated the NIST password guidelines, recommending exposed password screening. Since then, companies and organizations are …

Rethinking Digital Hygiene

With fears of global viruses escalating daily, physical hygiene is in the spotlight. Washing hands regularly with soap and water is a critical step to prevent the spread of many infectious diseases. But what about our digital health and digital hygiene? When it comes to digital hygiene, we must focus on ensuring that our passwords are not patient …

Preventing Context-Specific Passwords in Active Directory

Savvy cybercriminals will attempt to use context-specific passwords to gain access to Active Directory in targeted attacks. They know that: Companies that have headquarters in Boston will be more likely to have employee passwords that include “GoPatriots” due to the New England Patriots. Since many organizations enforce quarterly forced password resets, many employees will include seasons in their password like …

Common and Bad Passwords

Preventing Common Passwords in Active Directory

Preventing common passwords in Active Directory is critical for protecting sensitive employee, user, and customer accounts. Why Should Organizations Screen for Regularly-Used Passwords? Many employees use weak passwords and are completely unaware of it. They can’t imagine their specific password is a common password that’s being chosen by other people as well. The organization and the employee both think their …

Privacy Regulation in a Connected IoT World

The need for increased technology regulation is a hot topic, as concerns continue to grow about the risks from deepfakes to machines going rogue. Our connected world appears fraught with problems that make more legislation seem inevitable if we are to have any hope of protection. California is leading the charge and is the first state to introduce sweeping privacy …

HIPAA & Passwords: https://www.enzoic.com/hipaa-password/

HIPAA & Employee Password Policies

The Health Insurance Portability and Accountability Act (HIPAA) describes how organizations must keep protected health information (PHI) secure. So how exactly are employee passwords supposed to be handled in light of HIPAA? It’s important to understand how HIPAA handles the topic of passwords in order for organizations to properly implement the guidelines in their data protection strategies. What Organizations are …

pwned password + password reuse = the perfect storm

Pwned Passwords: The Epicenter of Your Cybersecurity Storm

New cybersecurity threats are continuously emerging in light of our increasingly connected world, AI, 5G, and other enterprise trends. In this ever-changing landscape, there is one constant: passwords remain the primary authentication method for accessing corporate systems and applications—and employees are notorious for utilizing pwned passwords. The use of pwned passwords, or passwords that have been previously exposed in data …

The High Cost of Password Expiration Policies

For many cybersecurity professionals, one of the more surprising ideas to come out of 2019 is the recommendation to drop forced password expiration policies. Forced password expiration policies have been around for many years now and are a widespread element of cybersecurity frameworks within organizations the world over. However, we’re now being told they may not be necessary. Password …