The UK government introduced the Cyber Security and Resilience (Network and Information Systems) Bill on 12th November 2025. The Bill updates the UK’s NIS Regulations 2018 to broaden scope, strengthen reporting duties, and increase regulators’ enforcement powers. If you... Read More
Blog
Categories
800M credentials analyzed: Which breached holiday passwords made the naughty list?
With the holiday season rapidly approaching, we wanted to find out how many people previously used this time of year as inspiration for passwords that ended up breached. We analyzed 800 million compromised passwords and found the numbers tell... Read More
Active Directory secure by design: Building resilience from the ground up
Active Directory wasn’t built with today’s threat landscape in mind. When Microsoft released Active Directory with Windows 2000, the primary concerns were directory services functionality and network efficiency – not defending against sophisticated nation-state actors or ransomware groups. Yet... Read More
Not all MFA is equal: Why you need phishing and fatigue resistant MFA
Implementing MFA should really be a non-negotiable in 2025. But here’s what many organizations don’t realize: checking the MFA box doesn’t automatically make your organization secure. However, MFA isn’t infallible and the type of authentication factor you choose matters... Read More
Meeting NCSC CAF requirements: A healthcare provider’s password and MFA journey
Picture this: you’re leading IT security for a mid-sized NHS trust when notice arrives that you need to demonstrate alignment with the NCSC’s Cyber Assessment Framework (CAF). You know immediately where some gaps will show up – authentication controls.... Read More
YubiKey guide: What is a YubiKey and why should you use one?
Stolen credentials remain one of the most common entry points for attackers, according to the Verizon Data Breach Investigations Report. Phishing campaigns, credential stuffing, and other credential-based attacks continue to evolve, targeting both cloud and on-premises systems. To reduce... Read More
Investigating CJIS? Lock down password compliance with Specops
When we think about criminal justice and cybersecurity, the imagination isn’t immediately drawn to compliance. Meeting policy requirements isn’t as flashy or exciting as a hooded hacker using a laptop to defeat their foes. The realm of cybercrime is known... Read More
CJIS compliance: How to meet password and MFA requirements
If you’re responsible for password security at a law enforcement agency or organization that handles criminal justice data, CJIS compliance isn’t optional. It’s the baseline for protecting some of the most sensitive information in the country. The FBI’s Criminal... Read More
[New research] FTP ports under attack: Which passwords are hackers using?
The Specops research team has analyzed passwords being used to attack FTP ports over the past 30 days, in live attacks happening against real networks. Our team have found the most common passwords being used in brute force attacks,... Read More
Quishing attacks: How QR codes steal credentials
QR codes have been around for a while, but they became far more widespread in daily life after the COVID-19 pandemic. What started as contactless menus became boarding passes, payment systems, and authentication gateways. But this ubiquity created a... Read More