Security

Defend against password hacking

With passwords still being the mostly widely used mechanism to secure resources, hackers come up with many ways of stealing passwords, ranging from shoulder surfing to using sophisticated password cracking tools. Put simply, when it comes to ensuring network security, it’s up to the IT administrators to enforce stringent password policies and ensure employees create strong passwords for their on-premises and cloud accounts.

How hackers crack passwords

To help better understand how hackers get user passwords, we have listed the top three password hacking mechanisms.

1. Brute force and dictionary attacks: In this method, hackers leverage weak and reused user passwords by trying exhaustive combinations of passwords against a specific set of user accounts.
2. Social engineering: In this method, hackers will send pretext calling or mailing to gain access to user passwords.
3. Keystroke logging: In this method, hackers capture user keystrokes through with an installed malicious malware

Building better password policies is the precursor for ensuring stronger passwords

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign on solution. It offers advanced password policy settings through its Password Policy Enforcer feature for Active Directory and cloud accounts. With ADSelfService Plus, admins can,

• Restrict the usage of weak passwords, palindromes, keyboard sequences, and dictionary words.
• Enforce longer passwords.
• Restrict breached passwords by integrating the Have I been Pwned API service.
• Disallow password reuse.
• Enforce longer passwords.
• Encourage the use of passphrases.

And more. Additionally, admins can also enforce an additional authentication factor to Windows, macOS, and Linux logons.