Remote workforce makes organizations more vulnerable to password attacks

Stockholm, April 1, 2020 – With remote working exponentially growing as companies respond to the COVID-19 pandemic, password security has become more important than ever. Specops Software announced today the latest updates to the compromised password list, a solution to continuously check if an account in Active Directory is using a leaked password.

Adding a leaked list check to your password security helps solve for two remote work security issues:

  • Expiring passwords. When users are off-network, they don’t receive reminders that they need to change their passwords. When these passwords expire, locally cached credentials create login issues and increased calls to the service desk. One solution IT admins can take is to set password to never expire for the duration of the crisis; however, this increases the security risk if that password is a breached one or becomes breached.
  • Undetected attacks. Password spraying attacks can go undetected in this new reality, since people are using a variety of devices and physical locations to access company resources. One solution IT admins can take is stop these attacks by proactively identifying all weak and leaked passwords currently in use with a free tool like Password Auditor.

The stronger your organization’s password solution is, the better protected your organization is against security risks like these.

Today’s update to Specops Breached Password Protection expands the password deny list to include credentials from the infamous Collections #3-5.

Collections #2-5 included over 845 gigabytes of data, with a total of 25 billion email/password records. Security researchers at Hasso Plattner Institute estimated that Collections #2-5, after removing duplicates, has about three times as much data as Collection #1.

The Specops password list, which includes over 4 billion passwords from the Collection leaks and thousands more sources, is available as a secure list in the cloud or as a condensed list stored locally in the customer’s environment.

 “The current crisis means that organizations are more vulnerable than ever to cyber attacks,” said Lori Osterholm, CTO at Specops Software. “Hackers are taking advantage of the situation and hoping that organizations will let down their guard when monitoring their systems for vulnerabilities. Hackers are also using the stress regular users are feeling and crafting phishing scams to match the current situation. Protecting your organization from weak and leaked passwords has never been more important.”

Specops Breached Password Protection works together with Specops Password Policy so that companies and organizations can block all passwords found on the password leaked list, making it easy to comply with industry regulations, like NIST or Cyber Essentials. The service blocks people from choosing banned passwords and informs as to why they cannot use the password.

Learn more about how Specops can help continuously protect Active Directory environments from leaked passwords.

About Specops Software 

Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Everyday thousands of organizations use Specops Software to protect business data.

Media Contact

(Last updated on October 26, 2023)

Back to Blog