Governments worldwide document specific guidance related to cybersecurity and define best practices related to protecting business-critical resources from attack. The Government of Canada (GC) provides detailed password guidance best practices to keep passwords from being compromised. In this review... Read More
Specops Software Blog
Compliance Falls Short: New Research Shows Up to 83% of Known Compromised Passwords Would Satisfy Regulatory Requirements
Organizations of all kinds look to regulatory recommendations and standards for guidance on how to best construct a secure password policy for their networks. However, new research shows regulatory password complexity and construction recommendations are not enough. Today, the... Read More
What’s new in PCI DSS V4.0
Organizations that store, process, or transmit cardholder data fall under the compliance framework known as PCI-DSS (Payment Card Industry Data Security Standard). It helps protect cardholders and businesses dealing with cardholder data from cyber attacks and breaches. The PCI... Read More
NIST 800-53 guidelines and requirements
To help increase their cybersecurity posture and successfully meet compliance regulations, organizations must consult the latest guidance regarding security and privacy controls for securing business-critical data. The National Institute of Standards and Technology (NIST) is a respected authority for... Read More
How to make your password policy NCSC compliant
The National Cyber Security Centre (NCSC), formerly known as the CESG, introduced new password recommendations to combat the swell of data breaches. What was once perceived as a best practice, such as password complexity, is now considered an anti-pattern.... Read More
Password Managers with AD Integration: What to Look For
Organizations looking to manage passwords beyond the Active Directory password might choose to do so with an enterprise password manager. Organizations that run on Active Directory will have an AD integration at the top of their shopping list. So,... Read More
Celebrate World Password Day with a password audit
May 5, 2022 marks the ninth anniversary of World Password Day, an event created by Intel to raise awareness about the importance of strong passwords. For more than 60 years we have relied on passwords to secure our personal... Read More
Virginia Consumer Data Protection Act
The Virginia Consumer Data Protection Act (VCDPA) was recently signed, making it the second state that has signed a consumer privacy regulation into law. This legislation follows what was implemented in California by way of the California Consumer Privacy... Read More
NIST MFA guidelines
End-user passwords are often the weakest link in IT security, providing the path of least resistance for an attacker looking to penetrate business systems. Users commonly choose easy to remember, and consequently, easy to compromise passwords. In IBM’s Cost... Read More
2022-2023 NIST 800-63b Password Guidelines and Best Practices
The most basic form of authentication is the password. Despite many advancements in cybersecurity, the username and password, although outdated, are still used as the most common form of authentication today. Enterprise environments have long used password policies to... Read More