There is no evidence to suggest that data breaches will become less frequent or less serious in 2021. In fact, as more of the population now works from home, the risks are increasing. To counter this threat, organizations really need to pinpoint the reasons why and how so many companies and individuals are being successfully targeted by hackers. Enzoic has …
Password Blacklists: Applying the Goldilocks Principle
One of the most effective ways to increase the strength of your network’s security is to screen users’ passwords against a list of dictionary passwords and known compromised passwords. Password vulnerabilities remain a major entry point for hackers. Over the last few years, password policy has evolved in significant ways. NIST password guidelines now indicate that using a password blacklist …
From Stolen Credentials to Full Network Compromise
How Hackers Are Actually Using Exposed Passwords to Infiltrate Active Directory
Recent reports like the Verizon DBIR have noted that stolen credentials are often the foothold that attackers use to compromise networks and systems. A simple phishing or credential stuffing attack becomes the entry point for a much larger enterprise, like data theft, ransomware, or system hijacking. This is rather …
Digital Home Security: How to stay safe while the world works from home
Working from home used to seem something of a luxury, reserved for those whose work might not rely on customer interaction or face-to-face meetings. But since April of this year, the number of people working from home has dramatically increased, due to the risks associated with COVID-19. This trend has spanned most major sectors of the industry—education, healthcare, …
Response Required
Why organizations need to react urgently to the state of password security, according to data from 451 Research
In a recent brief titled “Love ‘em or Hate ‘em, Passwords Are Here to Stay,” 451 Research indicated that despite the stirrings of a passwordless revolution, the widespread use of passwords won’t be changing in the foreseeable future. The 451 brief points …
A Brief Summary of NIST Password Guidelines
The National Institute of Standards and Technology (NIST) has been substantially revising its password guidelines since 2017. Previous recommendations have been changed, including combining symbols, letters, and numbers to create complex passwords; changing passwords frequently; or requiring users to generate passwords of a specified length. The changes address findings from NIST related to the human factors that cause users to create …
Exposure of NIH, WHO, and Gates Foundation Credentials Underscores the Critical Importance of Credential Screening
Earlier today, news broke that unknown activists have posted nearly 25,000 credentials belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other organizations engaged in the fight against the coronavirus pandemic. According to Souad Mekhennet and Craig Timberg at the Washington Post, “The lists, whose origins are unclear, appear to have first been posted …
7 Password Problems Solved by Enzoic Password Policy Enforcement
There are many excellent password policy enforcement tools built into Active Directory. But the out-of-the-box AD functionality does not meet all the password standards and new password policy recommendations from NIST and other regulatory organizations. What can organizations do regarding password policy enforcement to increase security and decrease user friction, cost-effectively?
The perfect storm of weak passwords
More than 21 …