The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines designed to protect cardholder data and ensure that organizations handling payment card information maintain a secure environment. Among its many requirements, PCI DSS places significant...
Password Policy Management
Ten security best practices for Active Directory service accounts
Microsoft Active Directory is arguably one of the most attacked resources that you can run on-premises. The reason for this is that it stores the “keys to the kingdom.” Everything identity related on-premises and even in hybrid-joined cloud environments...
NIST password guidelines: Full guide to NIST password compliance
Many look to the National Institute of Standards and Technology (NIST) guidelines as the gold standard when it comes to cybersecurity best practices. But as you’ve likely heard, NIST has updated its password guidelines in the latest draft of...
Creating a custom password-exclusion dictionary with ChatGPT
When cybercriminals attempt to crack passwords, it makes sense to go for the lowest hanging fruit. They’re going to start by trying the most common, easy-to-guess passwords, as chances are some end users are bound to have chosen them....
Five strategy recommendations for planning a password policy
An Active Directory full of strong, non-compromised passwords should be an essential cybersecurity goal for every organization. A clearly articulated and enforceable password policy strategy is the best way to put this into practice. However, it’s important to tailor...
How we use Threat Intelligence to find new breached passwords
What makes a good breached password list? Numbers are a good start – the more breached passwords you can cross-reference against your Active Directory, the better. You want to maximize your chances of detecting end users who are using...
New hires, old problems: How to reduce password risk during onboarding
The first week of a new job always seems to involve plenty of time with the IT team – especially when onboarding remote employees. Setting up hardware, accesses, and passwords is an essential step. One of the first and...
How much are weak passwords costing your organization?
Bad passwords can be a direct and indirect financial drain on any organization. They’re often the weakest link in a security chain, allowing hackers easy access to sensitive systems and data. Cyber-attacks and breaches are the obvious risks, but...
Why use passphrases over passwords? | Passphrase best practice guide
A passphrase is a password; it’s simply one that’s made up of random whole words (usually three or four). So if a passphrase is just a password, why does it matter which one we require end users to create?...
Six attack paths in Active Directory and how to remediate them
One of the crown jewels for an attacker who infiltrates an enterprise environment is Active Directory Domain Services (AD DS). There are several attack paths the “blue team” needs to remediate to bolster the security of Active Directory. Remediating...