Breached passwords and how they endanger data security
Employees in an organization tend to maintain multiple enterprise accounts along with their Active Directory domain accounts and often have to change their passwords on a regular basis. To prevent the creation of weak passwords due to password fatigue, policies that dictate the minimum length of the password and make the usage of different types of characters mandatory are employed. However, sometimes, a password that checks all the boxes of a password policy could have been exposed in a data breach. During data breaches, attackers often save the usernames and passwords involved, and successfully use them in other breaches.
Preventing the use of such breached passwords is a necessary step in account protection. Have I Been Pwned? is a service that warns users if the password they have created has been breached before. ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, offers an integration with Have I Been Pwned? that alerts domain users when the passwords they create during any of the below actions have been breached:
- Self-service password reset using ADSelfService Plus
- Password change using the Ctrl+Alt+Del option.
- Password reset using the Active Directory Users and Computers console.
Have I Been Pwned? integration can be enabled in ADSelfService Plus with minimal steps:
- Download and install ADSelfService Plus.
- Configure your Active Directory domains.
- Log in to ADSelfService Plus as default Admin.
- Navigate to Admin → Product Settings → Integration Settings.
- Click the Have I Been Pwned? tile.
- Click Enable HaveIBeenPwned Integration
Other benefits of using ADSelfService Plus:
- Allows admins to create custom password policies for specific OUs and groups using the Password Policy Enforcer feature.
- Implements multi-factor authentication for identity verification using methods like YubiKey Authenticator, Microsoft Authenticator, and Duo Security during endpoint (Windows, macOS, and Linux machines) and cloud application logins (using SSO).
- Informs users of impending password or account expiration using the Password Expiration Notification feature.
Learn more about ADSelfService Plus.
Simplify password management with ADSelfService Plus.
Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here
Self-service password management and single sign-on solution
ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.
- Related Products