Exposed Password Screening

What is Exposed Password Screening?

Exposed password screening is the process of checking currently used passwords against passwords that have been exposed in a publicly known data breach. Once these passwords are exposed, they are considered to be compromised passwords. In 2017, the National Institute of Standards and Technology updated the NIST password guidelines, recommending exposed password screening. Since then, companies and organizations are …

Preventing Context-Specific Passwords in Active Directory

Savvy cybercriminals will attempt to use context-specific passwords to gain access to Active Directory in targeted attacks. They know that:
Companies that have headquarters in Boston will be more likely to have employee passwords that include “GoPatriots” due to the New England Patriots.
Since many organizations enforce quarterly forced password resets, many employees will include seasons in their password like …

Top worst passwords

The Top 15 Worst Passwords

Passwords. What makes them bad? It is not just the words in a password. It is how they are used, what context they are used in, whether they have been exposed online, and other factors.
admin (or admin with only a few extra characters like admin1, admin!, adminX)
password2020 (and iterations of it, such as 2021Password)
password (and iterations of …

What GDPR Means for Your Password Policy

GDPR Password Policy: Critical Components

The General Data Protection Regulation (GDPR) has been in full effect and many organizations still find themselves falling short of compliance. They are confused about how the regulation applies to password policy. GDPR came into force on May 25, 2018, thrusting the European Union (EU) into a new era of data and privacy rights. The purpose of the regulation is …

What’s behind PCI’s New MFA Requirements?

Requirement 8.3 of the PCI DSS 3.2 goes into effect today (Feb 1, 2018), making MFA (multi-factor authentication) a requirement for every organization involved in payment card processing. Many have implemented MFA ahead of the requirement; however, a look at the PCI’s multi-factor implementation guidance highlights some considerations, particularly around passwords, that may otherwise be overlooked. 1. Multi-factor means multiple …

password reuse is bad

The Magician’s Handkerchief of Password Reuse

Yesterday I received an email in my inbox from a prominent gaming website, indicating that my account had been disabled due to “suspicious activity” and that I would need to reset my password. They then carefully explained that this was not due to a breach of their site, but instead likely due to my account credentials having been exposed either …

Massive Equifax Data Breach Puts Consumers at Risk for Identity Theft and Compromised Accounts

Can Passwords Really Be Replaced?

With the rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: they are affordable, easy to replace, universally compatible, privacy-safe, and free of false positives. This closer look highlights the gaps in other methods that will make it hard to get past the password.