Credentials and data: two common denominators that are present in almost every breach scenario. Unfortunately for all of us, attackers are well aware that you can’t have one without the other.
Getting to the mother lode is simple, really. Step 1: Crack the password. Step 2: Obtain credentials.
And that’s why an organization’s password requirements and policies should always be under intense scrutiny. But herein lies a problem.
What if an organization has “complex” criteria in place, but the output is still a weak password?
Take, for example, a common password requirement: 8 characters including a capital letter, a lowercase letter, a number, and a special character. You can bet that a hacker is going to be able to guess or brute force their way into solving the complex Zodiac Killer-esque cipher of “Password1!”.
But how can anyone protect against this? You can’t force employees to create better passwords, right? Or can you…
What companies really need are robust password security solutions that proactively identify vulnerable accounts and prevent the use of passwords that are easily guessed by humans and computers. Being able to go out and discover weak passwords before hackers are able to find them first is a security must.
After that, tools need to be put in place to prevent these bad passwords from being used in the first place, enforcing proper password hygiene. Attackers often use dictionaries of previously breached passwords or knowledge of well-known passwords to compromise accounts. You can bet if it’s out there, it will be exploited again.
Lucky for all of us, STEALTHbits has tools that can discover and prevent weak passwords, safeguarding your organization from authentication-based attacks and stopping techniques like Kerberoasting and password spraying in their tracks. Without getting into the weeds, this is done by enforcing rule sets such as:
- Password length
- String rejection
- User display/logon name rejection
- Repeating character rejection
…and many more!
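To make the gap concrete, here is an added example (not STEALTHbits code) that checks a candidate password against the four rule types listed above and against the "complex" 8-character requirement described earlier. The minimum length, banned-string list, repeat limit, substitution table, and all function names are assumptions chosen for illustration.

```python
import re

# Assumed policy values; a real deployment would load a breached-password dictionary.
MIN_LENGTH = 12
BANNED_STRINGS = ("password", "welcome", "qwerty", "letmein")
MAX_REPEAT = 2  # longest allowed run of a single character
LEET = str.maketrans("@4310$5!7", "aaeiossit")  # undo common substitutions


def meets_complexity(pw):
    """The common rule from the post: 8+ chars with upper, lower, digit, special."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def _normalize(text):
    """Lowercase and reverse substitutions so P@ssw0rd reads as password."""
    return text.lower().translate(LEET)


def policy_violations(pw, logon_name, display_name):
    """Return the names of the rules that the candidate password violates."""
    violations = []
    norm = _normalize(pw)
    if len(pw) < MIN_LENGTH:
        violations.append("length")
    if any(banned in norm for banned in BANNED_STRINGS):
        violations.append("string")
    # Reject any logon/display name token of 3+ characters found in the password.
    tokens = re.split(r"[^a-z0-9]+", f"{logon_name} {display_name}".lower())
    if any(len(t) >= 3 and (t in pw.lower() or t in norm) for t in tokens):
        violations.append("name")
    if re.search(r"(.)\1{%d,}" % MAX_REPEAT, pw):
        violations.append("repeat")
    return violations


if __name__ == "__main__":
    # Constructed sample account and candidates.
    for candidate in ("Password1!", "P@ssw0rd2024!!", "Copper-Lantern-42-Orbit"):
        print(candidate, meets_complexity(candidate),
              policy_violations(candidate, "jdoe", "Jane Doe"))
```

All three constructed candidates satisfy the complexity requirement, but only the last one clears every rule.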
Enforcing password policy is a very easy and effective way to beef up security, and should be looked into by all organizations.
For more information on how STEALTHbits tackles password enforcement and prevents weak passwords, check out this solution brief.
Nate is a Marketing Manager at STEALTHbits and has worked in the IT Security industry for 5 years.