Monitoring for malicious password filters

TL;DR: Below, I cover some information on password filters and provide a script and instructions on how to monitor for the placement of a malicious password filter. Password filters can intercept clear-text passwords during password changes and can be planted on systems using phishing or malware. In a recent post regarding...

Password Policy Playbook – Eliminate dangers of old accounts

Adopting a new password policy is a great idea. However, do not forget about old unused accounts that may have weak passwords. What if an account was created for a new employee years ago? Maybe they never showed up and had a default password of "Company123" and the account...

Passphrases and breached passwords

Passphrases are great and we encourage everyone to consider a passphrase-based password policy when implementing our nFront Password Filter product. However, I wanted to raise awareness around passphrases. Though you may have adopted a passphrase policy, it is still a great idea to check against breached passwords and...

How To Create A Hack-Proof Dictionary Blacklist

Password blacklisting, also known as dictionary blacklisting or dictionary checking, is a very important security measure to have in place for passwords. Dictionary checking prevents the use of common passwords like Password, Welcome, Summer, and Baseball. We all know these passwords are insecure and ineffective at securing a computer. Therefore, why are we allowing these passwords...

Top 5 Password Policy Mistakes

Every day when I speak to various members of IT departments that are interested in the nFront Password Filter, there are a few common topics that we speak about during our conversations. First, he or she will mention that they have a written password policy that every employee is instructed to...

NCSC Password Guidance and Recommendations

The NCSC (National Cyber Security Centre) provided guidance for Systems Administrators to simplify their approach to passwords. This guidance is not mandatory; rather, it consists of recommendations to eliminate the risk of breaches due to weak passwords on a company network. Furthermore, NCSC’s guidance is intended to reduce the daunting task of...
