How to Avoid Weak Passwords in Active Directory | FastPassCorp
Weak or stolen passwords are involved in more than 80% of data breaches, according to the Verizon DBIR. This poses a risk and is a common concern among CISOs (Chief Information Security Officers), IT security managers and compliance teams. One best practice for preventing this is to implement password policies that block weak passwords and to make stolen passwords irrelevant through regular and frequent password changes.
Weak Passwords in Active Directory means Trouble
How would you know if you have old and weak passwords in your Active Directory?
Are unencrypted passwords present?
Eliminate accounts that are easy targets
How can this pose a threat to your company?
Modern attacks with passwords can originate from some of these strategies:
Rainbow tables: When a web solution is breached, the hackers can see the e-mail accounts, which helps them identify corporate accounts. The hackers hope that the person uses the same password for corporate use and for the hacked system. The password is probably hashed, however. The criminal then compares the hashed value against the hashed values of 5-10000 well-known passwords to find matches. When a match is found, the hacker will use it in an attack on that company.
Spray attack: The hacker knows that users try to make passwords simple and easy to remember, often by using easy-to-remember phrases. This means that the company name, product name themes or other words related to the employer are often part of the password. Combining these with the month, year and season, the hacker can simply try as many combinations as possible against as many accounts as possible – and he might be lucky!
CISOs, IT security staff and others in charge of a company's cyber security want to prevent these attack types to avoid data breaches.
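One way to reject the password shapes described under "Spray attack" at password-change time, shown as an added example that is not part of the original article or of any vendor's product. The word lists, the sample candidates and the names ORG_TERMS, weak_reason and audit are assumptions made for illustration.

```python
import re

# Constructed sample data: replace with your own company and product names.
ORG_TERMS = {"contoso", "fastwidget"}
SEASONS = {"spring", "summer", "autumn", "fall", "winter"}
MONTHS = {"january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"}
COMMON = {"password", "welcome", "qwerty", "letmein"}

# Map common character substitutions back to letters before matching.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def _only_banned_words(base, banned):
    """True if base is a concatenation of one or more banned words."""
    reachable = {0}
    for i in range(len(base)):
        if i in reachable:
            reachable.update(i + len(w) for w in banned if base.startswith(w, i))
    return bool(base) and len(base) in reachable


def weak_reason(password, org_terms=ORG_TERMS):
    """Return why a candidate password is guessable, or None if no rule hits."""
    base = re.sub(r"[\W\d_]+$", "", password.lower())  # trailing year/symbols
    base = re.sub(r"^\d+", "", base)                   # leading year
    if not base:
        return "digits and symbols only"
    base = re.sub(r"[\W_]+", "", base.translate(LEET))  # undo leet, drop separators
    banned = set(org_terms) | SEASONS | MONTHS | COMMON
    if _only_banned_words(base, banned):
        return f"guessable words plus digits/symbols: {base}"
    return None


def audit(candidates):
    """Map each rejected candidate to the reason it was rejected."""
    return {pw: r for pw in candidates if (r := weak_reason(pw)) is not None}


if __name__ == "__main__":
    # Constructed candidates, as they would arrive at password-change time.
    sample = ["Contoso2024!", "P@ssw0rd1", "FastWidget-Autumn#24",
              "2023Winter", "correct-horse-battery-staple"]
    for pw, reason in audit(sample).items():
        print(f"REJECT {pw}: {reason}")
```

Because Active Directory stores only password hashes, a check like this works on the plaintext candidate when a user sets a password, not on accounts that already exist.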
One of the recommended first steps would be planning the implementation and regular audits. It is important to know your baseline.
A password audit tool can give insight into where your Active Directory stands when it comes to the security of your users' account passwords.
Look for a password audit tool that also shows the statistics on weak and common passwords, weak encryption and more.