The Clatterbridge Cancer Centre enforces stronger passwords
Following a penetration test that revealed a significant percentage of passwords could easily be cracked by attackers, the IT security team at Clatterbridge Cancer Centre turned to Specops Password Policy to enforce stronger passwords.
“It just doesn't go wrong, it works and is nice hassle-free software.”
The Clatterbridge Cancer Centre NHS Foundation Trust is a leading UK cancer healthcare center that provides specialist care to 2.4 million people across Cheshire, Merseyside, and surrounding areas like North Wales and the Isle of Man. As the Trust handles sensitive data, robust security is paramount. That’s why the IT security team chose Specops to remediate password vulnerabilities exposed in a penetration test.
Feedback on password creation and rewards for length
2,400 employees supported
Uncovering weak passwords
Andy Kilbane, the Digital Systems Security Specialist at Clatterbridge Cancer Centre, shared that a recent internal penetration test revealed significant gaps in the complexity enforcement of Microsoft’s default domain policy:
We were able to crack a very high percentage of our passwords in under 3 seconds. Obviously, we then knew our password policy wasn’t complex enough. “Password1”, as far as the Microsoft password policy was concerned, was a complex password.
To uncover the full extent of the password problem and mitigate other password-related vulnerabilities, the Trust used the free Specops Password Auditor tool to identify compromised passwords, as well as stale accounts and accounts with no password expirations. They then used the executive summary feature to help communicate the problem to the board.
Implementing Specops Password Policy
The decision was made to enforce longer passwords along with passphrases, without compromising usability for users or the IT team. Andy explains,
We went out and looked at some other products and Specops Password Policy just looked like the easiest one to use. It didn’t seem like it would be something that you’d have to babysit a lot. It was just set it up, and let it go.
For the end-users, who are typically resistant to change, Andrew turned to the length-based password aging feature to reward users who choose longer passwords. This feature correlates the password expiration period with the length of the password – the longer the password, the longer the expiration period.
The end-user client messaging, with real-time dynamic feedback, was also used to help with the user experience:
When people did change their password, they would get the user interface to tell them what their password needs to be set as. We found that was really useful as well, helping users pick new passwords and that by picking longer passwords or passphrases they could have a longer expiry time.
The feature, when deployed alongside Specops Breached Password Protection, provides dynamic feedback to the end user highlighting which rules have not yet been fulfilled, as well as whether the password they are attempting to choose is a known compromised one.
When we asked Andy whether he would recommend Specops Password Policy, he said:
It has definitely helped with our password vulnerability. The roll-out was great and support has always been brilliant. The option for users to choose between password and passphrase, I can’t see why any organisation wouldn’t want that flexibility. It just doesn’t go wrong, it works and is nice hassle-free software.