We marked our calendars, counting down the months, days, and minutes. Now, the day we’ve all been waiting for is here: the 60th anniversary of the computer password! Since its beginning in an MIT lab in the fall of... Read More
Blog
Categories
FFIEC password requirements
Cyberattacks often target the financial industry due to the nature of the information they possess. One of the organizations that provide cybersecurity guidance and standards for financial institutions is the Federal Financial Institutions Examination Council (FFIEC). While the FFIEC does not offer specific password characteristics... Read More
Friends or Simpsons? New data shows which TV shows are most popular in breached passwords
Looking to catch up with your favorite TV show as it returns this month? You might want to rethink expressing your fandom in your password, as new research from the Specops team shows which TV shows are most popular in... Read More
Block These Recently Leaked VPN Passwords to Prevent Ransomware Attacks [new data]
Worried about ransomware attacks? Recent attack news indicates you should be looking to secure your VPN connections. Last week, we learned that thousands of Fortinet VPN passwords had been leaked on the dark web by a former ransomware operator.... Read More
Troubleshooting tips for Microsoft Entra (formerly Azure AD) banned password list
Not all implementations of Microsoft Entra Password Protection (formerly Azure AD Password Protection) go smoothly. This blog explores some quirks with the banned password lists, and offers remediation and troubleshooting tips related to banned password list in Microsoft Entra. Understanding the Scoring System Many teams get tripped up when... Read More
Open ports and their vulnerabilities
One of the age-old tenets of good network security is only open network ports that are necessary and make sure you have protection around any port open to the outside world to avoid open port vulnerabilities. Open ports provide... Read More
Division 1 College Football Teams and Mascots Keep Showing Up on Breached Password Lists
The Rambling Wreck of Georgia Tech may not have earned a single vote in the AP’s preseason college football Top 25 rankings, but when it comes to appearing on breached password lists, the prestigious university ranks #1. In conjunction with the... Read More
Why cached credentials are causing account lockouts
Active Directory user accounts can get locked out due to a number of reasons, especially when working remotely. Windows systems can cache credentials for users. Yet, cached credentials causing account lockouts is a major problem for remote users. Cached Active Directory credentials To understand the purpose of... Read More
Defending Your Network from RockYou2021
In June 2021, a large data dump was posted to a popular internet hacking forum. This dataset was termed “rockyou2021,” named after the popular password brute-force wordlist known as Rockyou.txt. Media and Twitter alike were abuzz with what to... Read More
Microsoft password expiration recommendation
Microsoft Active Directory provides built-in password policies to control various aspects of password management in the environment. One of the password configurations traditionally controlled at the password policy level is password expiration. Many organizations use password expiration policies to secure Active Directory accounts as part of... Read More