One of the new movements in authentication technology is called passwordless authentication. With passwordless authentication, end-users can use other means to sign in aside from the traditional password. Microsoft’s Temporary Access Pass for Azure Active Directory (Azure AD) allows... Read More
Compliance
Is your SSO login protected enough?
Today, many organizations use more systems than ever, spanning on-premises and cloud environments. As a result, employees are tasked with remembering more and more passwords as the number of systems and services continues to grow. Single Sign-On (SSO) is... Read More
Government of Canada password policy and best practices
Governments worldwide document specific guidance related to cybersecurity and define best practices related to protecting business-critical resources from attack. The Government of Canada (GC) provides detailed password guidance best practices to keep passwords from being compromised. In this review... Read More
Compliance Falls Short: New Research Shows Up to 83% of Known Compromised Passwords Would Satisfy Regulatory Requirements
Organizations of all kinds look to regulatory recommendations and standards for guidance on how to best construct a secure password policy for their networks. However, new research shows regulatory password complexity and construction recommendations are not enough. Today, the... Read More
What’s new in PCI DSS V4.0
Organizations that store, process, or transmit cardholder data fall under the compliance framework known as PCI-DSS (Payment Card Industry Data Security Standard). It helps protect cardholders and businesses dealing with cardholder data from cyber attacks and breaches. The PCI... Read More
NIST 800-53 guidelines and requirements
To help increase their cybersecurity posture and successfully meet compliance regulations, organizations must consult the latest guidance regarding security and privacy controls for securing business-critical data. The National Institute of Standards and Technology (NIST) is a respected authority for... Read More
How to make your password policy NCSC compliant
The National Cyber Security Centre (NCSC), formerly known as the CESG, introduced new password recommendations to combat the swell of data breaches. What was once perceived as a best practice, such as password complexity, is now considered an anti-pattern.... Read More
NIST 800-63b Password Guidelines and Best Practices
The most basic form of authentication is the password. Despite many advancements in cybersecurity, the username and password, although outdated, are still used as the most common form of authentication today. Enterprise environments have long used password policies to... Read More
Active Directory reversible encryption explained
If you have administered password policies in Active Directory or looked at the local policies present in the Windows client operating system, you may have noticed an interesting setting contained in the Account policies section. The setting is Store... Read More
Zero to hero: save your org from cyber-attack with a zero trust model
Zero trust mentality: sounds kinda harsh, doesn’t it? Here at Specops it doesn’t mean we can’t trust our colleagues not to eat our yogurt out of the office fridge, but it does mean we lock our computers before leaving... Read More