TLDR; Below, I cover some information on password filters and provide a script and instructions on how to monitor against the placement of a malicious password filter. Password Filters can intercept clear-text passwords during password changes and can be planted on systems using phishing or malware. In a recent post regarding...
Adopting a new password policy is a great idea. However, do not forget about old unused accounts that may have weak passwords. What if an account was created for a new employee years ago? Maybe they never showed up and had a default password of "Company123" and the account...
Passphrases are great and we encourage everyone to consider a passphrase-based password policy when implementing our nFront Password Filter product. However, I wanted to raise awareness around passphrases. Though you may have adopted a passphrase policy, it is still a great idea to check against breached passwords and...
Password blacklisting, dictionary blacklisting, aka dictionary checking, is a very important security measure to have in place for passwords. Dictionary checking prevents the use of common passwords like Password, Welcome, Summer, and Baseball. We all know these passwords are insecure and ineffective to secure a computer. Therefore, why are we allowing these passwords...
Every day when I speak to various members of IT departments that are interested in the nFront Password Filter, there are a few common topics that we speak about during our conversations. First, he or she will mention that they have a written password policy that every employee is instructed to...
Did you know that one in six people select their pet’s name as their password? To put this more into perspective, the last year the US Census was taken that categorized the US population into age groups was 2014. In 2014, there was 251,626,870 people in the age groups from 15...
It seems like almost weekly we are seeing headline news stories of a new company falling victim to a data breach. There are many different reasons why a company is breached: Denial of Service Attacks, Malware Attacks, Password Attacks, and so many more! According to Verizon’s 2023 Data Breach Investigation Report,...
The NCSC (National Cyber Security Centre) provided guidance for Systems Administrators to simplify their approach to passwords. This guidance is not mandatory, but rather recommendations to eliminate the risk of breaches due to weak passwords on a company network. Furthermore, NCSC’s guidance is intended to reduce the daunting task of...
Biometric authentication has a lot of appeal; the idea of not having to remember passwords or PIN numbers and not having to use a physical key fob or smart token sounds great. However, everyone seems to overlook a major problem with biometrics. Suppose you have a network system with a large user base. Your large...
