Specops Software Blog

devices with password requirements

FFIEC password requirements

Cyberattacks often target the financial industry due to the nature of the information they possess. One of the organizations that provide cybersecurity guidance and standards for financial institutions is the Federal Financial Institutions Examination Council (FFIEC). While the FFIEC does not offer specific password characteristics... Read More

banned passwords

Troubleshooting tips for Azure AD banned password list

Not all implementations of Azure AD password protection go smoothly. This blog explores some quirks with the banned password lists, and offers remediation tips related to them.   Understanding the Scoring System  Many teams get tripped up when establishing their password policies in Azure AD and for good reason. First,... Read More

coding with lock

Open ports and their vulnerabilities

One of the age-old tenets of good network security is only open network ports that are necessary and make sure you have protection around any port open to the outside world.    Open ports provide attackers with an opportunity to compromise... Read More

locks highlighted and lined up

Why cached credentials are causing account lockouts

Active Directory user accounts can get locked out due to a number of reasons, especially when working remotely. Windows systems can cache credentials for users. Yet, cached credentials causing account lockouts is a major problem for remote users.   Cached Active Directory credentials  To understand the purpose of... Read More

music notes and password security

Defending Your Network from RockYou2021 

In June 2021, a large data dump was posted to a popular internet hacking forum. This dataset was termed “rockyou2021,” named after the popular password brute-force wordlist known as Rockyou.txt.   Media and Twitter alike were abuzz with what to... Read More

laptop with login screen

Microsoft password expiration recommendation

Microsoft Active Directory provides built-in password policies to control various aspects of password management in the environment. One of the password configurations traditionally controlled at the password policy level is password expiration. Many organizations use password expiration policies to secure Active Directory accounts as part of... Read More