The Worst Password List for 2019 and what it tells us about password practices

The worst password list for 2019, released by NordPass, once again proves that users still do not create strong, complex passwords that are resilient to breaches. Here is a look at the top 10 most used passwords from this list:

  1. 12345
  2. 123456
  3. 123456789
  4. test1
  5. password
  6. 12345678
  7. zinch
  8. g_czechout
  9. asdf
  10. qwerty

The first three passwords in this list are created by merely entering numerical characters in sequence. The word 'password,' which is the fifth most used, happens to be used by approximately 800,000 users. Users' password hygiene has not seen much improvement compared to previous years. If Active Directory domain users create such passwords without giving much thought to password strength, the network security of their organizations is likely to be at risk.

A simple step towards improving password security is enforcing password policies, which consist of rules that dictate how a password must be composed. Once a password policy is configured and applied, its conditions must be satisfied by every password that users create. Examples of these rules are:

  • A minimum and maximum password length.
  • Mandatory use of uppercase and lowercase letters.
  • Restricting the use of specific phrases or words.

When users abide by these rules, they create strong and complex passwords that are resilient to attacks.

Another way to strengthen passwords is to prevent users from using passwords that have already been exposed. Attackers are notorious for saving the passwords they misappropriate during data breaches and using them in future attacks. With password reuse being another dangerous habit, if users are not prevented from using exposed credentials, their accounts risk being breached.

Wouldn't it be great if you had a tool that would help you enforce stronger password policies and also prevent users from reusing their passwords?

Introducing ADSelfService Plus, an integrated Active Directory self-service password management and single sign-on solution that offers the Password Policy Enforcer feature. This capability allows admins to create custom password policies and apply them to:

  • Self-service password reset and password change using ADSelfService Plus.
  • Password change using the Ctrl+Alt+Del option.
  • Password reset using the Active Directory Users and Computers console.

This feature also allows admins to enforce rules that aid in creating strong passwords. Some of these include:

  • Enforcing the use of all types of characters (uppercase letters, lowercase letters, numbers, and special characters).
  • Forbidding the use of dictionary words or patterns.
  • Preventing the use of previous passwords.
  • Preventing the use of consecutive characters from the username.
  • Preventing the use of consecutive characters from old passwords.
  • Enforcing a minimum number of Unicode characters.
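
The composition rules listed above can be expressed as a small validator. This is an added example, not ADSelfService Plus code: the function names, the thresholds (12 to 64 characters, runs of 4, username fragments of 3) and the sequence table are assumptions, and the banned-word list is the top-10 list quoted on this page.

```python
import string

# Top-10 list quoted on this page, used here as the banned-word list.
BANNED = {"12345", "123456", "123456789", "test1", "password",
          "12345678", "zinch", "g_czechout", "asdf", "qwerty"}
# Keyboard/alphabet runs to scan for sequences (constructed, not exhaustive).
RUNS = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_run(pw, n=4):
    """True if pw contains n consecutive characters of a run, forward or reversed."""
    low = pw.lower()
    for run in RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - n + 1):
                if seq[i:i + n] in low:
                    return True
    return False


def shares_substring(pw, other, n=3):
    """True if any n consecutive characters of other appear in pw (case-insensitive)."""
    low, other = pw.lower(), other.lower()
    return any(other[i:i + n] in low for i in range(len(other) - n + 1))


def check_password(pw, username, min_len=12, max_len=64):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if not min_len <= len(pw) <= max_len:
        problems.append("length")
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)]
    if not all(classes):
        problems.append("character classes")
    low = pw.lower()
    if any(word in low for word in BANNED):
        problems.append("banned word")
    if has_run(pw):
        problems.append("sequential pattern")
    if shares_substring(pw, username):
        problems.append("username fragment")
    return problems
```

A password such as `Password123!` satisfies the length and character-class rules yet is still rejected for containing a banned word, which is why composition rules alone are not enough.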

And that's not all! ADSelfService Plus integrates with Have I Been Pwned?, a service that warns users if the password they have created has been breached before. With this integration, domain users are alerted when the passwords they create by any of the methods listed below have been exposed before:

  • Self-service password reset using ADSelfService Plus.
  • Password change using the Ctrl+Alt+Del option.
  • Password reset using the Active Directory Users and Computers console.

Apart from the Password Policy Enforcer and integration with Have I Been Pwned?, ADSelfService Plus also offers other features to protect AD accounts in the organization. Some of these include:

  • Multi-factor Authentication (MFA): Supported for local and remote desktop logons to Windows, Mac, Linux endpoints and cloud applications.
  • Single Sign-on: Allows users to log into the ADSelfService portal once and access other enterprise applications like G Suite, Office 365, and Salesforce without logging in again.
  • Password Expiration Notification: Notifies users about their soon-to-expire passwords and domain accounts through mail, SMS, or push notifications.

Learn more about ADSelfService Plus.


Self-service password management and single sign-on solution

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.