No matter your cyber security processes and practices, with just ONE weak password… YOU ARE AT RISK!
Want to identify the individuals utilising poor password practices and provide them with password feedback guidance?
Benefit from real-time password protection by accessing the largest enterprise-grade Password Breach Database which holds over 6 billion compromised credentials.
How vulnerable is your Active Directory? Whether it is for compliance or security, book an Password Security Audit and discover:
Quick and non-intrusive, the assessment takes place remotely with no reboots. Receive your per-user risk report today.
DarkWeb Exposure Check
List of people using AD passwords on other websites
Accounts sharing the same password
Breakdown of login activity per user
Read-only, no downtime or reboots
Secure Audit run rapidly and remotely
The audit tool will analyse all in-use Active Directory passwords and compare these passwords against our Authlogics Password Breach Database which has over 6 billion breached credentials to determine which of your AD accounts are using a known breached password.
The password audit tool will compare breached passwords and 3rd-party email addresses to determine if they are the same person. This comparison allows us to highlight users who use their AD password on other websites and external systems - a very risky practice.
Your passwords and their hashes are kept private at all times as they never leave your network. We use a concept called k-anonymity where only a small portion of the password hash is used in the lookup and comparisons are done locally only. With this, we never know what the password is.
Conforming to regulatory bodies like GDPR, CMMC and NYDFS is crucial for organisations to maintain a good IT security posture and build trust with consumers.
The biggest risk of non-compliance for companies is the associated costs, whether it be the substantial fines or the loss of customer confidence in the brand.
Authlogics are recognised Password Security Compliance Specialists who are able to ensure that your password policies reflect the NIST guidelines.
If you do business or handle personal information for citizens based in the area affected by the legislation, or work with government and military, then it’s highly likely that regulations apply to you. Systems that hold personal or financial data are highly likely to be covered by the new guidance.
Be aware of all aspects of the legislation, such as any requirement to encrypt certain data and how decryption keys should be stored. GDPR explicitly refers to the principles of ‘privacy by design’ and ‘privacy by default’. Determine the parties responsible for applying this legislation.
Ensure that desktop machines are password-protected and have a good anti-virus package installed. As we saw with the WannaCry incident, it is key to ensure systems are up-to-date with the latest Microsoft patches and virus definitions. Ensure your password policy complies with the latest regulations from NIST and that users do not have a password that has been compromised on the web.
In the event of a security breach, it is usually up to the company to prove that modern, and all reasonable best practices have been followed. Poor password management makes it easier for attackers. Adding Multi-Factor Authentication further reduces the risks associated with a password-only approach to authentication.
Legislation around data protection, such as GDPR, requires that companies show that they use a framework to continuously monitor compliance, as opposed to a single ‘point in time’ audit process. This is a sensible approach to data security. Ensure that your systems can continuously report their compliance status for passwords and ongoing Multi-Factor Authentication usage.