As long as users continue using common/predictable passwords, dictionary attacks will continue to work. Hackers are not the only ones who can take advantage of password predictability. The best protection against a dictionary attack is using a dictionary during... Read More
How to create a fine-grained password policy in AD
For the first eight years of Active Directory, the only native way of having multiple password policies in your AD forest, was to have multiple domains. When Windows Server 2008 arrived on the scene, Microsoft introduced the concept of... Read More
New MFA requirements for PCI password compliance
The Payment Card Industry Data Security Standard (PCI DSS) regulates security practices to protect cardholder data. Password compliance plays an important role in the PCI standards by dictating password complexity to strengthen defense against unauthorized access. New requirements coming... Read More
The role of passwords in HIPAA compliance
Healthcare is a high value target for hackers given the nature of the data and its poor security stance – ranking the sixth lowest, in security performance across industries. Passwords are the first line of defense against cyberattacks and... Read More
NIST password compliance guidelines – What they are and how you can meet them
The new password guidelines from National Institute of Standards and Technology (NIST) are changing how companies and organizations view password security. The guidelines say: Do allow for longer passwords and choosing original secret questions, Don’t allow users to choose... Read More
“123456” and “password” continue to be the most commonly used passwords, when will people learn?
Here is a list of the top 25 most common passwords of 2016. Your policy may not allow weak passwords such as 123456 or password, but even if the password complexity requirement is enabled in the standard Windows Password... Read More
PCI password security checklist
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that were developed to protect card information during and following a financial transaction. The PCI DSS applies to any merchant or service provider that handles,... Read More
Are PCI compliant passwords good enough?
Wide-scale attacks and hacks on large enterprises may be dominating the news headlines, but small and medium sized businesses are the real targets that are under-reported. According to a Visa analysis, small merchants accounted for more than 80 percent... Read More
Will you pass a HIPAA audit?
One of the most valuable types of data is online healthcare patient data. Multiple Health Insurance Portability and Accountability Act (HIPAA) breaches in the past showed that fraudsters obtained the records and filed false claims with insurers or bought... Read More