Country: United Kingdom
Goal: Fix weak and easily cracked passwords flagged by external pen test
Result: Deployed passphrases and continuous breached password scans to achieve zero weak passwords flagged in multiple follow-up pen tests
Daniel first sought out Specops Password Policy after an external pen tester was able to easily crack some of his pharmaceutical company’s passwords.
As Head of IT, it was down to Daniel to find a solution that could enable his organization to roll out longer passphrases. After a quick Google search, Daniel came across Specops Password Auditor, our free tool that scans Active Directory for password-related vulnerabilities.
“The first thing we did was run a scan with Specops Password Auditor to find out how many other passwords were rubbish,” shared Daniel. “The results were scary – something like 30% of our users had known compromised passwords.”
Prior to deploying Specops Password Policy and Breached Password Protection, Daniel’s team had been relying solely on out-of-the-box Microsoft solutions, which was why the pen tester had been able to successfully attack the passwords.
Dark web scanning was a must-have for Daniel. “We had looked at solutions we could rig up ourselves like the HaveIBeenPwned API but we wanted someone we could ring if things broke,” explained Daniel. “Specops being a Microsoft Gold Partner and having the GPO support was essential.”
HaveIBeenPwned is one of many sources used to power the over 4 billion compromised passwords in Specops Breached Password Protection.
After deploying Specops Password Policy and Breached Password Protection, Daniel’s team was able to deploy passphrases and continuously block the use of compromised passwords. His team has had other pen tests conducted since and the testers can no longer crack the organization’s new passwords, even after a week’s worth of trying.
“Most things you need to acquire to solve for what’s highlighted in a pen test are expensive and hard to procure,” offered Daniel. “The thing that was great about Specops is that it was simple to procure and very easy to deploy. It didn’t upset a single user and the price made it a no-brainer.”
Would Daniel recommend Specops Password Policy and Breached Password Protection?
“Yes 100% and I do so frequently. I recommend Specops Password Policy because of its simplicity of installation and management. Once it’s set up you don’t need to mess with it. I also recommend it because of its effectiveness – overnight by the time we would chase users about passwords they need to fix, the problem is solved. Specops Password Policy is very simple to use and high value. It’s an ideal solution for us.”