It’s no surprise that AI’s explosive growth in the last five years has also greatly expanded the need for sophistication and preparation from security threats. While artificial intelligence presents new challenges, machine learning and neural networks also expand security... Read More
Blog
[New research] Learn what 1 billion+ malware-stolen credentials mean for your 2025 security to-do list
The Specops research team have launched the 2025 Breached Password Report, which contains analysis of over 1 billion malware-stolen passwords. The launch of the report also coincides with the latest addition of over 210 million compromised passwords to the Specops Breached... Read More
The future of passwords: Emerging technologies and trends
While some experts keep predicting their demise, the reality is that passwords aren’t going anywhere soon — they remain at the heart of how we secure our digital world. New security tools are emerging, but they’re working alongside passwords, not replacing... Read More
Credential-based attacks: Key types, how they work, and defense strategies
Credential-based attacks remain a significant threat to organizations of all sizes. According to the Verizon Data Breach Investigations Report (DBIR), lost or stolen credentials are the most common way for cybercriminals to gain initial access to systems. Google Cloud... Read More
How to build a PCI-compliant password policy
The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines designed to protect cardholder data and ensure that organizations handling payment card information maintain a secure environment. Among its many requirements, PCI DSS places significant... Read More
Specops Software Introduces API for Specops Secure Service Desk to Authenticate End User Identity
New API opens up the ability for organizations to use the Specops Authentication platform to verify end users in ITSM tools like ServiceNow Today, Specops Software announced the release of a new API for its Secure Service Desk product.... Read More
[New research] How well does SHA256 protect against modern password cracking
The Specops research team have previously published data on how long it would take for hackers to brute force hashed user passwords. We set up hardware to test two different algorithms: MD5 hashed passwords and bcrypt hashed passwords. Now,... Read More
Ten security best practices for Active Directory service accounts
Microsoft Active Directory is arguably one of the most attacked resources that you can run on-premises. The reason for this is that it stores the “keys to the kingdom.” Everything identity related on-premises and even in hybrid-joined cloud environments... Read More
TfL forced to manually reset 30K passwords after cyber-attack – is there an easier way?
In early September 2024, Transport for London (TfL) found itself at the epicenter of a sophisticated cyber-attack. As the news broke, the scale of the breach became apparent, leading to operational disruptions and the need for an immediate, robust... Read More
How to communicate a new password policy to your end users
Rolling out a new password policy without a communication plan is a recipe for disaster. You want to avoid a situation where all end users are prompted to change their passwords without understanding what they’re doing or why –... Read More