Country: United Kingdom

Industry: Charity

Goal: Fix weak and easily cracked passwords flagged by external pen test; achieve Cyber Essentials accreditation; reset passwords from Chromebooks

Result: Zero insecure passwords flagged in follow-up pen tests; achieved Cyber Essentials accreditation; remote and hybrid users able to reset passwords from Chromebooks

Solution: Specops Password Policy with Breached Password Protection and Specops uReset

Pen tests often reveal what some IT managers might suspect: that their users are choosing really weak Active Directory passwords.

As the newly appointed Infrastructure and Cyber Resilience Lead, Marc Green discovered through a recent pen test that his organisation’s passwords were weak and easily cracked.

“Security had been a bit of a mess – we discovered some very obvious passwords were being used, like using the name of our organisation or the word ‘password’ with funny characters,” shared Marc.

Marc works for Parkinson’s UK, the largest European charitable funder of Parkinson’s research. The charity offers support and information to people affected by Parkinson’s Disease, their families and carers through a network of 350 local groups across England, Wales, Scotland and Northern Ireland.

The pen test had recommended deploying a password deny list. Some googling led him to Specops Password Policy. He now uses Specops Password Policy to encourage passphrases with length-based password aging, which has been a hit with his 500 end users, who now get more time before they have to reset their passwords. Marc is also using the Breached Password Protection feature to continuously block over 4 billion compromised passwords. With both of these features in place, subsequent pen tests have not found any password issues.

A bit later, Marc found a need for a solution to help his users (who are 50% remote and 50% hybrid) reset their AD passwords from their Chromebooks. His users are now able to securely reset their AD passwords from their Chromebooks through a Specops uReset link. The web interface provides dynamic feedback that includes a length-based password aging meter that calls out how many more days the user will get before they have to reset their password.

Both Specops Password Policy and Specops uReset also helped Marc’s team achieve their Cyber Essentials accreditation, which helps prove to partners and government entities that they take cybersecurity seriously and that their sensitive data is in safe hands.

Would Marc recommend Specops Password Policy and Specops uReset?

“Yes I really would and I have done to peers at other organisations. It’s really helped change the behavior of our users. They can see the benefits of using passphrases which is good. Specops also has really helped us in achieving Cyber Essentials accreditation by far exceeding what they ask for.”
