Security News > 2023 > September > Can we fix the weaknesses in password-based authentication?
If a user's password is found on the breached password list, they should be prompted to change it immediately.
The same breached password list can also be used to block users from selecting compromised passwords in the first place.
To further strengthen password security, a third-party password policy tool, like Specops Password Policy, can enforce additional complexity requirements, and disallow common passwords creation patterns that can leave it vulnerable to attacks.
Specops Password Policy with Breached Password Protection also blocks the use of over 4 billion unique compromised passwords and offers continuous compromised password scanning.
To detect the use of compromised passwords within Active Directory, Specops Software also offers a feel tool, Specops Password Auditor.
Even when additional security measures, like MFA, are in place, we still need to optimize our password policies to counter poor password practices.