A recent InfoSecurity Magazine article on password security posed a critical question, “A password blacklist should contain all of the passwords that a hacker will use to gain access to a system, but how many is the right number?”
The answer is impossible to quantify as numerous breaches occur on a daily basis and newly compromised credentials are posted to the Dark Web with similar frequency.
To illustrate the problem, one company we spoke with discovered that 4% of its uncompromised credentials became compromised within one month—and this happened month over month.
Employees often unknowingly use compromised credentials, and every day brings new leaks and exposures; it is clear that static blacklists are no match for today’s heightened threat landscape.
With this in mind, password blacklisting is a good start, but it is only a partial solution for securing passwords.
Enzoic offers organizations another approach. Our solutions check password security in real time against our proprietary live database of billions of exposed username and password credentials. Offered as an Active Directory plugin, our technology provides continuous password checking that protects sensitive data without introducing unnecessary friction into the user experience.
Of course, it’s not enough to simply screen passwords at their creation. As the statistic above underscores, it’s highly likely that a previously secure password could become compromised down the road. As such, Enzoic checks passwords on a daily basis to ensure their security and to alert companies to take action in the event of exposure. As a result of these capabilities, Enzoic is an exposed password screening solution that can meet NIST 800-63B requirements for real-time screening at set-up and continuous monitoring for new vulnerabilities.
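The two checks described above, screening at set-up and daily re-screening against a growing exposure database, as an added example that is not Enzoic's code or API. It assumes a prefix range-query (k-anonymity style) lookup over SHA-1 digests and a constructed, in-memory stand-in for the live database; the stored per-account digest used for re-checks is a demo simplification.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form used by range-query exposure lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_exposed_index(leaked_passwords):
    """Constructed stand-in for a live exposed-credential database: each leaked
    password's digest is bucketed by its 5-character prefix. A real deployment
    would query a continuously updated service instead of this dict."""
    index = {}
    for pw in leaked_passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def range_lookup(prefix: str, exposed_index) -> set:
    """Simulated range query: the client reveals only the 5-char prefix and
    receives every suffix in that bucket, then matches locally."""
    return exposed_index.get(prefix, set())


def is_exposed(password: str, exposed_index) -> bool:
    """Set-up time screening: reject a password that appears in the database."""
    digest = sha1_hex(password)
    return digest[5:] in range_lookup(digest[:5], exposed_index)


def recheck_accounts(accounts, exposed_index):
    """Daily re-screening. `accounts` maps user -> SHA-1 digest of the password
    that was clean when set (assumption: a comparable digest is retained; real
    products use partial-hash schemes rather than a bare SHA-1). Returns the users
    whose password now appears in the (newer) exposure database."""
    flagged = [user for user, digest in accounts.items()
               if digest[5:] in range_lookup(digest[:5], exposed_index)]
    return sorted(flagged)


if __name__ == "__main__":
    day1 = build_exposed_index(["password", "123456"])          # constructed
    accounts = {"alice": sha1_hex("Winter2024!"),                # accepted on day 1
                "bob": sha1_hex("correct horse battery staple")}
    print("alice clean at set-up:", not is_exposed("Winter2024!", day1))
    day2 = build_exposed_index(["password", "123456", "Winter2024!"])  # new leak
    print("newly exposed after daily recheck:", recheck_accounts(accounts, day2))
```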
Screening passwords against a blacklist is a critical step in ensuring enterprise security. But to truly be effective, it’s essential that companies move beyond static lists and check passwords daily against a live continuously updated database. Cybercriminals will never rest in their attempts to infiltrate sensitive accounts, and your password screening solution shouldn’t either.
The only way to truly protect passwords—and the sensitive data to which they enable access—is by screening passwords against a database of exposed passwords that is updated daily.