Authlogics Password Security Management

Password Security Management (PSM) is a comprehensive auditing, real-time protection and remediation suite designed to ensure that your passwords are safe, secure and comply with regulations. It protects against common identity-based attacks (e.g. phishing, keylogging etc) and reduces the password burden for users. Helpdesk and lost productivity costs are further reduced via a One Time Code protected Self Service Portal which empowers users to securely manage their own account.

PSM goes beyond NIST SP 800-63B policy guidance by validating password changes in real-time and well as retrospectively. It is non-intrusive and quick to deploy and includes a combination of granular policy controls, a rules engine, a custom blacklist and heuristics. PSM is powered by the Authlogics Password Breach Database which contains over 4.5 billion previously compromised credentials to keep your Active Directory safe and compliant.

Product Benefits

  • NEW: Real-time password policy compliance feedback via Web Browser and Windows Desktop.
  • NEW: Alerting for inactive / dormant accounts.
  • Reduce the risk of a Phishing, dictionary or brute force attack with real-time and ongoing protection from breached and shared passwords.
  • Remove the burden of continually changing passwords to reduce helpdesk costs and improve productivity.
  • Stay protected with a continuously updated password breach database.
  • Compliance with NIST SP 800-63B, NCSC, CMMC, GDPR and other digital identity guidelines.
  • NEW: Password Expiry Meter – encourage users to make longer passwords.
  • NEW: Daily password audit reports, constant identification and immediate fix of breached passwords across all accounts including service accounts.
  • NEW: Simultaneously use traditional passwords and passphrases.
  • Empower users to manage and reset their own AD password with built in One Time Code security protection.
  • Rapidly respond when a weakness is found with automatic remediation of effected accounts.

How does Authlogics PSM compare?

Password Policy Compliance with NIST SP800-63BAuthlogics TickCompetitor CrossCompetitor TickCompetitor TickCompetitor TickCompetitor Tick
Self-Service Portal with built-in via 2nd factor OTP resetAuthlogics TickCompetitor TickCompetitor CrossCompetitor CrossCompetitor CrossCompetitor Tick
Shared password detection and protectionAuthlogics TickCompetitor CrossCompetitor CrossCompetitor CrossCompetitor CrossCompetitor Cross
Optional Desktop Agent for password change feedbackAuthlogics TickCompetitor CrossCompetitor CrossCompetitor CrossCompetitor CrossCompetitor Tick
Automatic Active Directory account remediationAuthlogics TickCompetitor CrossCompetitor TickCompetitor CrossCompetitor CrossCompetitor Cross

Are you in our Password Breach Database?  Check now for free.

Password Security Management Components

Authlogics Password Security Management has been designed to assess existing password related weaknesses, report on the current threats and risks, automatically remediate the problem and provide ongoing real-time protection and alerting from new password breaches.

Password Breach Database

Active Directory Password Auditing

Pre & Post Password Change Protection

User Self Service Portal

Ensuring that compromised usernames and passwords from an unrelated security breach are not used to gain access to corporate systems is a crucial part of meeting the NIST password guidelines. The Authlogics Password Breach Database consists of over 4.5 billion breached credentials and is continually updated. The Authlogics Password Security Portal provides an insightful view of the public breach data relevant to your organisation constructed using AI and BI logic from multiple data breach sources.

Many corporate Active Directory databases have been in existence for decades and may contain very old and well-known passwords. Password Security Manager can perform a detailed Active Directory password audit of the existing directory data and provide a detailed per-user report including dormant accounts, accounts with breached passwords and passwords shared within and outside of the network.

Password Security Management can automatically raise alerts and remediate Active Directory user accounts which have breached or shared passwords by either forcing them to be changed at next logon or by disabling the account. When a new password is created, PSM uses a combination of a rules engine, custom blacklists, heuristic scanning and the Password Breach Database to ensure weak passwords are rejected. These rules are NIST compliant by default.

The included Self Service Portal empowers users to manage their own account so that they can reset their own password and unlock their own account. This cuts helpdesk call volumes and costs while improving user productivity. The portal works on desktop and mobile devices and has built-in One Time Code protection for added security.

Getting Started

The requirements for using Authlogics Password Security Management are:

  • Installing the Authlogics Authentication Server are as follows:
    • Windows Server 2019, 2016, 2012 R2 or 2012
    • Microsoft Active Directory
  • Deploy the Domain Controller Agent

How do breached passwords affect security?

Online systems containing user information, email addresses and plain-text passwords are constantly being breached and phishing scams are all too common. Compound this with user’s propensity to share passwords and login details between work, social networks and other websites and you have a recipe for disaster. Given that over 80% of users tend to share passwords between websites, a breach of an Internet site could have a direct impact on your company’s internal systems. This fact has been recognised by NIST (National Institute of Standards and Technology) who specifically address the issue as part of the SP 800-63B guidance (June 2017) for setting passwords.

Critically, the new guidance emphasizes that any new passwords should not appear in any previous password breach. This ensures that the new password chosen cannot be determined from any compromised data used by increasingly sophisticated criminals and hackers. Password Security Management uses the Authlogics Password Breach Database which contains over 4.5 billion previously compromised credentials to ensure this isn’t the case.

Password Security Portal user data example

Latest NIST SP 800-63B prescriptive password policy guidance highlights:

  • Check against a database of previously breached passwords
  • Minimum length of 8 characters, no maximum length
  • No forced password expiration
  • No more enforced composition rules
  • No requirement for a mixture of uppercase, lowercase and special characters
  • Anything goes, including emojis

Have a question about Password Security Management, password security or compliance?