Cybercriminals strategically time their attacks for when cyber defenses are most vulnerable. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have noticed a significant increase in ransomware attacks against US companies during holidays and weekends.... Read More
Blog
Nine ways MFA can be breached (and why passwords still matter)
Of all the access security recommendations you come across, multi-factor authentication (MFA) is arguably the most consistent. And there’s good reason many best practice recommendations and compliance frameworks now place MFA at the top of the list of security... Read More
[New research] How tough is bcrypt to crack? And can it keep passwords safe?
Earlier this year, the Specops research team published data on how long it takes attackers to brute force MD5 hashed user passwords with the help of newer hardware. Now we’ll be putting the bcrypt hashing algorithm to the test,... Read More
How to force password changes at next logon in Entra ID (formerly Azure AD)
Entra ID (formerly Azure AD) is the central component for identity and access management in Microsoft Azure, and by extension, Microsoft 365. Managing users and passwords for organization accounts requires understanding how Entra ID (formerly Azure AD) handles password... Read More
Aligning password policies with cybersecurity KPIs
As an IT pro, you’re tasked with measuring (and ultimately proving) the value of your cybersecurity investments. But how do you show that your security efforts and expenditures have the desired effect? One way is by aligning your cybersecurity... Read More
Password reuse: A hidden danger you can’t ignore
Reusing passwords is common, despite years of warnings to end users. It’s a problem that’s difficult for IT teams to get a handle on, especially if people are reusing work passwords at home. This means a breach elsewhere can... Read More
[New research] Do longer passwords protect you from compromise?
The Specops Breached Password Protection Database Now Tops Over 4 Billion Unique Compromised Passwords We’re sharing some new findings from the Specops research team about password length and how it can still be circumvented by attackers. These findings coincide... Read More
Introducing: Continuous Compromised Password Scanning for Specops Password Policy
Continuously protect against the persistent threat of password reuse with this daily check against our daily updated compromised password database Today we’re introducing a new feature for Specops Password Policy, continuous scans for the Specops Breached Password Protection service.... Read More
MGM Resorts hack: How attackers hit the jackpot with service desk social engineering
Hotel and entertainment giant MGM Resorts were left reeling in September 2023 after a serious cyber-attack that kicked off with a fraudulent call to their Service Desk. In the days after the attack, they struggled to get systems back... Read More
Enable Microsoft Entra Password Protection (formerly Azure AD Password Protection) in a hybrid environment
With default Active Directory password policies, many organizations find that users create weak, easily guessed, or incremental passwords that attackers can easily compromise. Using Microsoft Entra Password Protection (formerly Azure AD Password Protection), organizations can have an additional layer... Read More