Password Protection

No matter your cyber security processes and practices, with just ONE weak password… YOU ARE AT RISK!

Want to identify the individuals utilising poor password practices and provide them with password feedback guidance?

Benefit from real-time password protection by accessing the largest enterprise-grade Password Breach Database which holds over 6 billion compromised credentials.

Identifying password vulnerabilities

How vulnerable is your Active Directory? Whether it is for compliance or security, book a Password Security Audit and discover:

  • Who within your organisation has compromised credentials.
  • Which end-users are sharing passwords across multiple internal and social media accounts.
  • What compliance issues you have against the NIST SP 800-63B password policy standard.
  • Why password-based attacks could put you at risk.

Quick and non-intrusive, the assessment takes place remotely with no reboots. Receive your per-user risk report today.

DarkWeb Exposure Check

Risk-assessment Report provides:

  • List of people using AD passwords on other websites
  • Accounts sharing the same password
  • Breakdown of login activity per user
  • Read-only, no downtime or reboots
  • Secure Audit run rapidly and remotely

Deal with your password problems today!

A member of our team will contact you with a designated time slot for your assessment.

How does it work?

Detect Breached Passwords

The audit tool will analyse all in-use Active Directory passwords and compare these passwords against our Authlogics Password Breach Database which has over 6 billion breached credentials to determine which of your AD accounts are using a known breached password.

Assess all accounts

The password audit tool will compare breached passwords and 3rd-party email addresses to determine whether they belong to the same person. This comparison allows us to highlight users who use their AD password on other websites and external systems, which is a very risky practice.

Password Protection

Your passwords and their hashes are kept private at all times as they never leave your network. We use a concept called k-anonymity where only a small portion of the password hash is used in the lookup and comparisons are done locally only. With this, we never know what the password is.
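The k-anonymity lookup described above, as an added example that is not Authlogics code: the auditing side sends only a short hash prefix, receives every breached suffix in that bucket, and does the final comparison locally. SHA-1, the five-character prefix, the `BreachService` stand-in and all sample accounts are assumptions constructed for illustration.

```python
import hashlib

PREFIX_LEN = 5  # assumption: number of hex characters of the hash sent in a lookup


def hash_hex(password: str) -> str:
    # Assumption: SHA-1 stands in for whatever hash the audit tool really reads.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class BreachService:
    """Hypothetical stand-in for the remote breach database (runs offline here)."""

    def __init__(self, breached_passwords):
        self.buckets = {}        # prefix -> set of hash suffixes
        self.seen_queries = []   # everything the remote side ever learns
        for pw in breached_passwords:
            h = hash_hex(pw)
            self.buckets.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])

    def range_query(self, prefix: str) -> set:
        if len(prefix) != PREFIX_LEN:
            raise ValueError("only fixed-length prefixes are accepted")
        self.seen_queries.append(prefix)
        return set(self.buckets.get(prefix, ()))


def is_breached(full_hash: str, service: BreachService) -> bool:
    """Local side: send the prefix only, match the suffix without sharing it."""
    prefix, suffix = full_hash[:PREFIX_LEN], full_hash[PREFIX_LEN:]
    return suffix in service.range_query(prefix)


def audit(account_hashes: dict, service: BreachService) -> list:
    """Return the sorted account names whose stored hash is in the breach set."""
    return sorted(u for u, h in account_hashes.items() if is_breached(h, service))


# Constructed sample data: a tiny breach corpus and three directory accounts.
SERVICE = BreachService(["Password1", "letmein", "Summer2023"])
ACCOUNTS = {
    "alice": hash_hex("Password1"),
    "bob": hash_hex("c0rrect-h0rse-9!"),
    "carol": hash_hex("Summer2023"),
}

if __name__ == "__main__":
    print("breached accounts:", audit(ACCOUNTS, SERVICE))
    print("prefixes the service saw:", SERVICE.seen_queries)
```

Because many different hashes share each prefix, the service cannot tell which one the caller holds; in this sketch `seen_queries` is the complete record of what left the network.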

Achieving Password Compliance

Conforming to regulatory bodies like GDPR, CMMC and NYDFS is crucial for organisations to maintain a good IT security posture and build trust with consumers.

The biggest risk of non-compliance for companies is the associated costs, whether it be the substantial fines or the loss of customer confidence in the brand.

Authlogics are recognised Password Security Compliance Specialists who are able to ensure that your password policies reflect the NIST guidelines.

5 simple steps to strengthening your security processes

If you do business or handle personal information for citizens based in the area affected by the legislation, or work with government and military, then it’s highly likely that regulations apply to you. Systems that hold personal or financial data are highly likely to be covered by the new guidance.

Be aware of all aspects of the legislation, such as any requirement to encrypt certain data and how decryption keys should be stored. GDPR explicitly refers to the principles of ‘privacy by design’ and ‘privacy by default’. Determine the parties responsible for applying this legislation.

Ensure that desktop machines are password-protected and have a good anti-virus package installed. As we saw with the WannaCry incident, it is key to ensure systems are up-to-date with the latest Microsoft patches and virus definitions. Ensure your password policy complies with the latest regulations from NIST and that users do not have a password that has been compromised on the web.

In the event of a security breach, it is usually up to the company to prove that modern and all reasonable best practices have been followed. Poor password management makes it easier for attackers. Adding Multi-Factor Authentication further reduces the risks associated with a password-only approach to authentication.

Legislation around data protection, such as GDPR, requires that companies show that they use a framework to continuously monitor compliance, as opposed to a single ‘point in time’ audit process. This is a sensible approach to data security. Ensure that your systems can continuously report their compliance status for passwords and ongoing Multi-Factor Authentication usage.