Securing Active Directory accounts against password-based attacks

2020-09-08 05:00

In the meantime, most of us need something to prevent our worst instincts when it comes to choosing passwords: using personal information, predictable keystroke patterns, password variations, well-known substitutions, single words from a dictionary and - above all - reusing the same password for many different private and enterprise accounts.

The thing is, most older password policy tools don't provide a method to check if a password is strong and not compromised once the password is chosen/set.

The solution checks the password both when it's created and when it's reset and checks it daily against this real-time compromised password database.

The tool uses a standard password filter object to create a new password policy that works anywhere that defers to Active Directory, including Azure AD and third-party password reset tools.

"It's a low complexity tool, but this is where it really shines: it allows you to screen passwords against a massive database of compromised passwords that gets updated every day - and allows you to do this at lightning speed, so that it can be done at the time that the password is being created without any friction or interruption to the user - and it rechecks that password each day, to detect when a password is no longer secure and trigger/mandate a password change."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/6NK7SBbPXNE/

#activedirectory #attack