Specops Software, a password management and authentication solutions vendor, published a new report this week explaining how the company's breached password protection policy can spot over 2 billion known breached passwords in users' Active Directory.
Specops Breached Password Protection offers a service that scans a user's Active Directory passwords against a dynamically updated list of vulnerable passwords. The list contains over 2 billion passwords from known data leak incidents as well as passwords used in real attacks happening currently.
Specops also prevents users from creating passwords vulnerable to dictionary attacks by blocking commonly used passwords. During a password change, the password scanner blocks any password found in the database and returns a dynamic response to the end user.
Additionally, it creates a custom dictionary containing potential passwords relevant to the users' workplace, including firm names, locations, services, and relevant acronyms.
According to security analysts at Specops, password attacks work because users set predictable passwords. When asked to set a complex password, users follow familiar patterns that attackers can easily crack, for example starting with a common word followed by a number and/or special character. The length of the password is also an important defensive factor.
Specops scanned over 800 million known exploited passwords; up to 83% of passwords were present in vulnerable password databases, meaning they were unable to meet regulatory password standards. To reach this result, security analysts compared the construction rules of 5 different standards against a dataset of 800 million exploited passwords.
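The two checks described above (rejecting a new password that appears in a breached list, and rejecting one built from an organisation-specific word plus digits or symbols) look like this in Python. This is an added example, not Specops code; the SHA-1 hash format, the sample passwords and the dictionary terms are assumptions constructed for illustration.

```python
import hashlib
import re
from typing import Tuple

# Constructed sample data. SHA-1 is an assumption made for this example;
# the article does not say which hash format the breached list uses.
BREACHED_HASHES = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password1", "qwerty123", "Summer2023!")
}

# Hypothetical organisation-specific terms: firm name, location, acronym.
CUSTOM_DICTIONARY = {"contoso", "seattle", "crm"}

# Leading or trailing runs of digits and symbols around a base word.
AFFIXES = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def base_word(password: str) -> str:
    """Reduce 'Word123!' style passwords to their lowercase base word."""
    return AFFIXES.sub("", password).lower()


def check_password(password: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a proposed new password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    if digest in BREACHED_HASHES:
        return False, "found in breached password list"
    core = base_word(password)
    for term in sorted(CUSTOM_DICTIONARY):
        # Exact match for short terms avoids rejecting unrelated words
        # that merely contain a three-letter acronym.
        if core == term or (len(term) > 3 and term in core):
            return False, f"based on organisation term '{term}'"
    return True, "accepted"


if __name__ == "__main__":
    for candidate in ("Summer2023!", "Contoso2024!", "crm#99",
                      "seattle-office-7", "vexing-harbor-lantern-42"):
        print(candidate, "->", check_password(candidate))
```

The reason string plays the role of the response shown to the end user at password-change time, so the user learns why a candidate was rejected.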
“You can install Specops Password Auditor on any workstation that’s joined to your Active Directory. From the outset, you can download a database from us, which is updated every three months, based on the biggest leaks that have happened in that three-month period, plus the most common hits against our master database,” Darren James, password and authentication analyst from Specops, explained.
“The database downloaded by the user consists of over 800 million of the most commonly breached and leaked password hashes, while our master database, updated daily, contains 2.6 billion hashes. You can export reports showing the results into a script or document to send to members of your organization. From here, Password Policy helps to solve the problem by eliminating breaches and weak passwords and ensuring that passwords are compliant.”