In June 2021, a large data dump was posted to a popular internet hacking forum. This dataset was termed “rockyou2021,” named after the popular password brute-force wordlist known as Rockyou.txt. Media and Twitter alike were abuzz with what to... Read More
Compliance
Microsoft password expiration recommendation
Microsoft Active Directory provides built-in password policies to control various aspects of password management in the environment. One of the password configurations traditionally controlled at the password policy level is password expiration. Many organizations use password expiration policies to secure Active Directory accounts as part of... Read More
Pipeline Cybersecurity Initiative best practices
There is no question that ransomware attacks are on the rise. They present what is arguably the most dangerous risk to businesses today when looking at the cybersecurity threat landscape. Recently, a ransomware attack impacted the Colonial Pipeline, one of the largest fuel... Read More
Service account security best practices
There are number of privileges and roles granted to Windows users. However, it’s often necessary to restrict roles to specialized accounts called service accounts. These Active Directory (AD) accounts have deeper access to OS infrastructure, making them both handier and higher-priority... Read More
What is the NCSC guidance on password managers?
To keep our accounts secure across the multiple services that we use, we need to choose strong passwords that are unique for each account or service. Yet, 52% of people reuse the same password for multiple accounts. Remembering multiple strong passwords for perhaps dozens of... Read More
PCI compliance requirements in the UK
In 2018, criminals successfully stole £1.2 billion through fraud and scams. Now more than ever, businesses that processes cardholder data look to the Payment Card Industry Data Security Standard (PCI DSS) for security recommendations. PCI DSS is a set... Read More
NIST Password Standards
The National Institute of Standards and Technology (NIST) sets the information security standards for federal agencies. Through its Special Publication (SP) 800-series, NIST helps organizations meet regulatory compliance requirements such as HIPAA, and SOX. The recent update to the... Read More
Specops uReset and GDPR compliance
With the introduction of Specops uReset (version 8.1 or later) in the Microsoft EU data center, organizations can now choose which instance of Specops uReset they want to use. Specops uReset is a hybrid password reset solution. The cloud... Read More
How do I create HITRUST compliant password policies?
The HITRUST CSF clarifies guidelines on security standards for the healthcare industry with specific feature recommendations where the password management system is concerned. Read More
How and why the NHS should transform password policy for greater security
The password policy guidance from the NHS doesn't stand a chance against today's attacks. With a single breach opening the door to other systems, the NHS needs to stop users from using vulnerable passwords. Read More