Enterprise Password Management Beyond Active Directory

You’re serious about protecting Active Directory passwords in your organization, but what about the rest of the passwords in use in your organization?

Your employees are likely using dozens of logins in the course of their work days. They’re using these passwords to log in to sites where they post social content, detail project plans, access paychecks, sign contracts, communicate with customers, manage projects with vendors, submit code revisions, and more.

Whether these are approved software vendors or shadow IT websites, you don’t have control over the password policies of these websites and can’t prevent the use of weak or leaked passwords. And when sensitive info is stored in these online tools, that password becomes even more of a liability.

A Breach is a Breach

Customers don’t care whether their breached sensitive information was stored in a website used by your organization or in Active Directory itself. They care that it was breached. Regulators may also take issue with data leaked through a third party if proper security agreements and enforcements were not in place.

How are your employees storing passwords today? Are they just writing them down? Storing them in an insecure doc on their computer? Using the same password again and again?

Insecure password management practices put your organization at risk.

Here are just a few examples of web services used for work that have experienced a breach:

  • Adobe – 153 million email addresses and passwords
  • Dropbox – 68 million email addresses and passwords
  • Comcast – 590,000 email addresses and passwords
  • Canva – 61 million accounts including passwords
  • Bitly – 9 million accounts including passwords

With an enterprise password manager, you can protect every password in use in your organization. Bring the same level of protections you want on an Active Directory password to the rest of the passwords in use in your organization.

Don’t Let the Fact That You Don’t Have Control Over Shadow IT Stop You from Securing Those Logins

So, what can you do about it?

First, you can make sure the passwords used on these sites are strong and not leaked. Making use of an enterprise password manager with a solid breached password detection service can mean more insight and more protection for the passwords you don’t control.

Second, you can prevent the reuse of passwords across sites. When a website your employees are using is breached, you can at least be sure that that compromised password isn’t being used anywhere else. A good enterprise password manager will give you admin-level insights into the password vulnerabilities that exist beyond your Active Directory.

The Importance of Strengthening the Enterprise Password Manager Login

Once you encourage employees to use the enterprise password manager your organization has secured, protecting access to their password manager vaults is of utmost importance.

How should you secure it?

A common implementation for businesses is to integrate Active Directory with their password manager. This allows for seamless onboarding and offboarding as administrators can utilize existing Active Directory functionality to grant and remove access.

The other piece of the integration is to utilize the Active Directory password as the master password. Many organizations choose this path to enforce additional security measures for that main master password.

If you’re using an enterprise password manager today, you can use Specops Password Policy to enforce the following measures on the master password.

  • Prevent the use of over 4 billion compromised passwords
  • Block the use of any word relevant to your organization via a custom dictionary
  • Block Active Directory usernames, incremental passwords, display names, consecutive characters and more
  • Dynamic feedback on password change and friendly end-user messaging

With Specops Password Policy, you can easily enforce compliance requirements, block dictionary words, and help users create stronger passwords. Specops Password Policy extends the functionality of Group Policy and simplifies the management of fine-grained password policies. The solution can target any GPO level, group, user, or computer with dictionary and passphrase settings. Together with Breached Password Protection, you can also block the use of over 4 billion compromised passwords.
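
To make the rule types listed above concrete, here is an added sketch of how such checks can be expressed; it is not Specops Password Policy's implementation and not code from the vendor. The function names, the sample breached list, the dictionary words, the SHA-1 storage format and the reading of "consecutive characters" as a run of identical characters are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample data (assumptions for this example, not real product data).
# Assumption: the breached list is held as SHA-1 hashes rather than plaintext.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("Summer2023!", "P@ssw0rd1")}
CUSTOM_DICTIONARY = {"contoso", "widgetco"}  # hypothetical organization words
IDENTICAL_RUN_LIMIT = 3  # assumed: reject 3 or more identical characters in a row


def _strip_counter(pw):
    """Drop trailing digits/symbols so 'Harbor!7' and 'Harbor!8' share one base."""
    return re.sub(r"[\d\W_]+$", "", pw).lower()


def check_password(new_pw, old_pw, username, display_name):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    lowered = new_pw.lower()

    # Rule 1: exact match against the breached-password hash set.
    if hashlib.sha1(new_pw.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("breached")

    # Rule 2: organization-specific words anywhere in the password.
    if any(word in lowered for word in CUSTOM_DICTIONARY):
        problems.append("dictionary")

    # Rule 3: username or any part of the display name (3+ characters).
    name_parts = [username] + display_name.split()
    if any(len(p) >= 3 and p.lower() in lowered for p in name_parts):
        problems.append("name")

    # Rule 4: same base as the previous password with only the suffix changed.
    base = _strip_counter(new_pw)
    if base and base == _strip_counter(old_pw):
        problems.append("incremental")

    # Rule 5: a run of identical characters at or above the limit.
    if re.search(r"(.)\1{%d,}" % (IDENTICAL_RUN_LIMIT - 1), new_pw):
        problems.append("consecutive")

    return problems
```

A substring match on name parts and dictionary words will also reject passwords that merely contain those letters, so a real deployment has to tune the minimum length and word list against user friction.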
