Looking to catch up with your favorite TV show as it returns this month? You might want to rethink expressing your fandom in your password, as new research from the Specops team shows which TV shows are most popular in... Read More
Blog
Categories
Block These Recently Leaked VPN Passwords to Prevent Ransomware Attacks [new data]
Worried about ransomware attacks? Recent attack news indicates you should be looking to secure your VPN connections. Last week, we learned that thousands of Fortinet VPN passwords had been leaked on the dark web by a former ransomware operator.... Read More
Troubleshooting tips for Microsoft Entra (formerly Azure AD) banned password list
Not all implementations of Microsoft Entra Password Protection (formerly Azure AD Password Protection) go smoothly. This blog explores some quirks with the banned password lists, and offers remediation and troubleshooting tips related to banned password list in Microsoft Entra. Understanding the Scoring System Many teams get tripped up when... Read More
Open ports and their vulnerabilities
One of the age-old tenets of good network security is only open network ports that are necessary and make sure you have protection around any port open to the outside world to avoid open port vulnerabilities. Open ports provide... Read More
Division 1 College Football Teams and Mascots Keep Showing Up on Breached Password Lists
The Rambling Wreck of Georgia Tech may not have earned a single vote in the AP’s preseason college football Top 25 rankings, but when it comes to appearing on breached password lists, the prestigious university ranks #1. In conjunction with the... Read More
Why cached credentials are causing account lockouts
Active Directory user accounts can get locked out due to a number of reasons, especially when working remotely. Windows systems can cache credentials for users. Yet, cached credentials causing account lockouts is a major problem for remote users. Cached Active Directory credentials To understand the purpose of... Read More
Defending Your Network from RockYou2021
In June 2021, a large data dump was posted to a popular internet hacking forum. This dataset was termed “rockyou2021,” named after the popular password brute-force wordlist known as Rockyou.txt. Media and Twitter alike were abuzz with what to... Read More
Microsoft password expiration recommendation
Microsoft Active Directory provides built-in password policies to control various aspects of password management in the environment. One of the password configurations traditionally controlled at the password policy level is password expiration. Many organizations use password expiration policies to secure Active Directory accounts as part of... Read More
Premier League Clubs May Want to Be Relegated from This Breached Password List
Chelsea, one of England’s most successful football clubs, can add another trophy to their record today, as they rank in first place on Specops’ breached password list. This is according to our new research, ahead of the start of the Premier League 2021 season,... Read More
How to set ‘User must change password at next logon’ flags in Active Directory
The User must change password at next logon setting can be flagged in a couple of different scenarios in Active Directory, including when a user account password has expired, or when an administrator manually sets the flag on an account. This setting is a... Read More