Security

Password malpractices and how to prevent them

With the advent of identity management technologies, and regulations like GDPR and HIPAA requiring solutions like multi-factor authentication for compliance, it may seem like cybersecurity is better than ever. However, statistics suggest otherwise. The most used password list of 2019 yet again features weak, basic passwords. '12345', 'password', and '1111111' were some of the popular passwords in 2019. A Google survey had found out that around 65% of people reuse the same password for multiple accounts. A study by the Microsoft threat research team has revealed that in the first three months of 2019 over 44 million users employed usernames and passwords had been leaked during security breaches.

With statistics proving that password malpractices are rampant, it becomes the organization's responsibility to ensure that their employees follow good password hygiene. Making password security standards mandatory,enforcing good password habits and implementing multi-factor authentication (MFA) are steps in the right direction for ensuring network security.

ADSelfService Plus, an integrated Active Directory self-service password management and single sign-on solution, offers the following settings that ensure the Active Directory domain users in your organization do not indulge in password malpractices:

• Password Policy Enforcer: This feature allows admins to create custom password policies that consist of complexity rules like:
  • Enforcing the use of all types of characters (uppercase letters, lowercase letters, numbers, and special characters).
  • Forbidding the use of dictionary words or common patterns.
  • Preventing the use of previous passwords.
  • Preventing the use of consecutive characters from the username.

  These rules help enforce the creation of strong, complex passwords during:

  • Self-service password reset using ADSelfService Plus.
  • Password change using the Ctrl+Alt+Del option.
  • Password reset using the Active Directory Users and Computers console.

  With this feature, admins have the option of creating different policies for different sets of users and enabling the policy requirement display that shows the rules that have been configured to guide users while they create passwords.

  ADSelfService Plus also offers an integration with Have I Been Pwned?, which prevents the use of breached passwords during password change or reset by users.
• Multi-factor authentication:: This feature implements multiple layers of authentication using 17 different methods including biometrics, Google Authenticator, fingerprint authentication, TOTP, and YubiKey Authenticator during:
  • Local and remote desktop logons to Windows, macOS, Linux endpoints and cloud applications (using single sign-on).
  • Active Directory self-service password reset or account unlock actions via the ADSelfService portal, ADSelfService Plus mobile app, and native Windows/macOS/Linux login screen.

Admins have the option of forcing users to enroll with ADSelfService Plus using logon scripts. Enrollment is done by providing the necessary information for multi-factor authentication like the user's mobile number in case of SMS-based authentication.

Learn more about ADSelfService Plus.