What is the NCSC guidance on password managers?
To keep our accounts secure across the multiple services that we use, we need to choose strong passwords that are unique for each account or service. Yet, 52% of people reuse the same password for multiple accounts.
Remembering multiple strong passwords for perhaps dozens of accounts is challenging, but can be solved with a password manager. The National Cyber Security Centre (NCSC), the UK’s cyber security authority, recommends the use of password managers for consumers and businesses.
The NCSC provides the following guidance on securing your password manager:
- Use multi-factor authentication (MFA) on the password manager account
- Apply security updates and keep your password manager up-to-date
- Use a strong master password, preferably a passphrase of three random words together
For system owners, the NCSC provides a buyer’s guide to enterprise password managers. The guide covers considerations such as security features and Active Directory integration. The NCSC also publishes the Cyber Essentials password compliance guidelines.
Active Directory integration in password manager according to NCSC
The NCSC’s position on enterprise password managers favours integrating them with Active Directory, which is a common cyber security measure. The integration allows seamless onboarding and offboarding, since administrators can use existing Active Directory functionality to grant and remove access.
The other part of the integration is using the Active Directory password as the master password. Many organizations choose this path so that they can enforce additional security measures on that master password.
If you’re using an enterprise password manager today, you can use Specops Password Policy to enforce the following measures on the master password:
- Prevent the use of over 4 billion leaked passwords
- Block the use of any word relevant to your organization via a custom dictionary
- Block Active Directory usernames, incremental passwords, display names, consecutive characters and more
- Give dynamic feedback on password change, with friendly end-user messaging
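To show what checks of the kind listed above look like in practice, here is an added Python illustration; it is not Specops’ code and does not reflect how the product implements its checks. The sample user, organization dictionary and breached-password set are constructed for the example.

```python
import re

# Constructed sample data: an AD user's attributes, an organization word list
# and a tiny stand-in for a breached-password corpus (all hypothetical).
SAMPLE_USER = {"sAMAccountName": "jsmith", "displayName": "Jane Smith"}
ORG_DICTIONARY = {"acme", "acmecorp", "widgets"}
BREACHED_SAMPLE = {"password1", "qwerty123", "welcome1"}


def contains_user_attribute(password, user, min_len=3):
    """True if the username or any display-name token (>= min_len chars) appears in the password."""
    p = password.lower()
    tokens = [user["sAMAccountName"]] + user["displayName"].split()
    return any(t.lower() in p for t in tokens if len(t) >= min_len)


def has_consecutive_run(password, max_run=3):
    """True if any single character repeats max_run or more times in a row (e.g. 'sss')."""
    return re.search(r"(.)\1{%d,}" % (max_run - 1), password) is not None


def is_incremental(password, previous):
    """True if the new password is the previous one with only its trailing number changed."""
    m_new = re.fullmatch(r"(.*?)(\d+)", password)
    m_old = re.fullmatch(r"(.*?)(\d+)", previous)
    if not (m_new and m_old):
        return False
    return m_new.group(1) == m_old.group(1) and m_new.group(2) != m_old.group(2)


def check_password(password, user, previous=None,
                   dictionary=ORG_DICTIONARY, breached=BREACHED_SAMPLE):
    """Return the reasons a candidate master password fails; an empty list means it is accepted."""
    reasons = []
    p = password.lower()
    if p in breached:
        reasons.append("appears in the breached password list")
    if contains_user_attribute(password, user):
        reasons.append("contains username or display name")
    if any(word in p for word in dictionary):
        reasons.append("contains a word from the organization dictionary")
    if has_consecutive_run(password):
        reasons.append("contains 3+ consecutive identical characters")
    if previous is not None and is_incremental(password, previous):
        reasons.append("is an incremental variant of the previous password")
    return reasons


if __name__ == "__main__":
    for candidate in ["jsmith2024!", "Winter25", "correct horse battery"]:
        print(candidate, "->", check_password(candidate, SAMPLE_USER, previous="Winter24") or "accepted")
```

The returned reasons are the material for the end-user feedback message, so a failed change can say which rule was hit rather than just refusing.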
With Specops Password Policy, you can easily enforce compliance requirements, block dictionary words, and help users create stronger passwords. Specops Password Policy extends the functionality of Group Policy, and simplifies the management of fine-grained password policies. The solution can target any GPO level, group, user, or computer with dictionary and passphrase settings. Together with Breached Password Protection, you can also block the use of over 4 billion compromised passwords.
Learn more about Specops Password Policy and download a free trial.
(Last updated on December 20, 2024)