Warning: Creating default object from empty value in /nfs/c09/h03/mnt/132495/domains/blog.nfrontsecurity.com/html/wp-content/themes/headlines/functions/admin-hooks.php on line 160
Archive | Creating a Strong Password RSS feed for this section

A Better Password Policy in 10 Minutes

We completely understand, you had an audit last year and one of your action plans were to create a more secure password policy because employees were using 1 as their password. Chances are, there are probably numerous words like “summer,” “password,” and “January” being used in passwords. These are obviously not secure passwords and you’re […]

Read more

nFront Password Filter versus Fine-Grained Password Policies

With fine-grained password policies (FGPP), IT Administrators can create multiple different password policies within a single domain. The two enhancements that fine-grained password policies can provide are different password policies and account lockout policies for different sets of users in one Active Directory. For example, a more strict password policy can be created for privileged […]

Read more

Utilizing DumpSec (formerly DumpACL) to Obtain PWAge and Scale Back to Conformity

DumpSec (formerly DumpACL) is an auditing tool for permissions, users, and groups that allows the domain administrator(s) to see specific actionable infomation in an easily readable format. This tool was created by a company called SomarSoft and has proved to be beneficial in Windows Active Directory (AD) environments across the globe. The tool can be […]

Read more

5 Minute Guide: Passphrases

Many clients have asked about password best practices and the concept of passphrases. Passphrases are a secure solution to the everyday password problem. End-users are upset that they have to create a longer, more secure password that can be difficult to remember when faced with the two requirements of using all 4 character sets and […]

Read more

Using ‘dsquery’ to Identify Accounts Expiring Within a Specified Time

The dsquery command is useful for obtaining information about objects located within an Active Directory environment. With the ability to implement a wide range of filters, this command is beneficial for obtaining specific information. One use case for this tool is to obtain a list of users within a certain OU who have not changed […]

Read more

HITRUST Password Requirements

The Health Information Trust Alliance, also known as HITRUST, is an organization that created the Common Security Framework (CSF). The HITRUST Alliance is a non-profit organization with a program set up to standardize compliance requirements amongst many industries. A few examples of compliance standards that have been included are: federal legislation (ARRA and HIPAA), federal […]

Read more

The NEW Azure AD Password Protection Service by Microsoft Azure

This is not the first nor last attempt Microsoft will make to help companies stop easily cracked passwords from being used as end-user passwords. Back in 2016, Microsoft attempted to ban easily hacked passwords on Microsoft Account Service and Azure Active Directory, but none of their other platforms. However, many articles online showed the shortcomings […]

Read more

Password Policy Strengthening Options

Humans are very predictable and unless we are the victim of a substantial data breach, we will probably assume our company’s network is safe and we are doing a decent job protecting it. Companies may slide by for years and not be on a hacker’s radar; but truth be told, if you are not taking […]

Read more

Yubico’s New USB Security Key Review

Recently, Yubico released a new security key to create a passwordless login for Windows 10. The YubiKey USB key is currently only available for Windows Technology Adoption Program users. Seems like a great idea, right? Wrong. A passwordless login with a USB key sounds like an easy, secure way to eliminate the use of passwords. […]

Read more

Stanford Password Policy Explained

Back in April 2014, Stanford University created a password policy which let end-users determine the level of complexity for their own password. Shorter passwords will result in an end-user using more character types and longer passwords will result in an end-user using fewer character types. Here is the breakdown of the Stanford Password Policy: 8-11 […]

Read more