Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords

Passwords are at the core of securing access to an organization’s data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password for every account and application.

Password reuse is both common and risky. 65% of users admit to reusing their credentials across multiple sites. Another analysis of identity exposures among employees of Fortune 1000 companies found a 64% password reuse rate for exposed credentials. Pair these findings with the fact that a vast majority (80%) of all data breaches are sourced from lost or stolen passwords, and we have a serious problem. In short, a breached password from one system can be used to compromise another. So, what does this all mean for your organization?

The real risk of password reuse 

Password reuse is far more consequential for business accounts than personal accounts. If an employee’s reused credentials get compromised, even for a simple productivity tool, a cybercriminal could easily test it against other applications and systems that could grant them access to sensitive data like customer information, company trade secrets. They could also halt operations by deploying ransomware throughout the network — putting even more IT resources at risk.

Unfortunately, many organizations lack a comprehensive system to prevent password reuse, like blocking the use of weak, breached, or high-probability passwords. Often times, action is not taken until it is too late.

Mitigating the security implications of password reuse

End-users are not likely to implement password best practices on their own. For the sake of convenience, they will:

  • Use common character composition patterns
  • Reuse the same password across multiple accounts (even across personal and work)
  • Continue to use compromised passwords unless they are forced to change them

Each of the above puts your organization in a vulnerable position. You must implement security tools and policies that solve the password reuse problem. Unfortunately, the most common solution still leaves us vulnerable.

Multi-factor authentication is not enough

Multi-factor authentication (MFA) adds a security layer by requiring users to submit an additional verification method like a PIN or push notification. It can help secure an account despite a password compromise due to that extra factor required.

The problem: MFA is a great way to add security to protect end-users. But there are still many ways attackers can bypass authentication methods, especially if they already have the user’s password.

Solving the password reuse security gap with Specops Password Policy 

Specops Password Policy gives IT administrators the ability to enforce stronger password policies in Active Directory environments and mitigate the risk of reused and compromised passwords.

Specops Password policy with Breached Password Protection allows you to block over 4 billion unique known and compromised passwords. With the continuous compromised scanning feature activated, passwords are continuously checked against the persistent threat of password reuse. The Breached Password Protection data is also continuously updated with passwords collected by our honeypot network system and newly discovered password leaks.

Enforce robust password security with Specops Software

Despite their necessity to maintain account security, passwords leave IT resources vulnerable. Don’t wait until after a breach to enforce stronger passwords, contact Specops Software today. See how your organization can enforce stronger password policies, check for breached passwords 24/7, provide secure authentication solutions and more.

Posted in Security

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*