Product showcase: Securing Active Directory passwords with Specops Password Policy
Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique password, significantly reducing the risk of unauthorized access and data breaches. These policies not only protect sensitive data but also align with best practices and compliance requirements, such as those outlined by NIST.
Specops research has found that passwords are still used by 88% of organizations. So even if they can cause frustration for IT teams and end users alike, Active Directory passwords need to be centrally secured and managed. Securing your Active Directory with a robust password policy plays a key role in maintaining the overall security posture of your organization.
A third-party tool Specops Password Policy can make life much simpler for IT professionals tasked with the important job of securing their Active Directory environment. In this blog, we’ll explain how Specops Password Policy integrates seamlessly with Active Directory, prevents the creation of weak or easily breached passwords, blocks over 4 billion compromised passwords, and offers a straightforward interface for administrators to enforce compliance.
What does Specops Password Policy do?
Specops Password Policy enhances organizational security with several key features tailored for robust password management. The custom dictionary feature allows organizations to block specific phrases that are easily identifiable, such as your company name, product names, and other common terms related to your industry. This can be further refined using Regex to target specific patterns, ensuring that passwords are not only unique but also harder to guess.
The password complexity settings in Specops Password Policy are designed to enforce strong security measures. Organizations can set detailed requirements including password length and inclusion of various character types, or the use of passphrases instead of passwords for added security. These features are crucial in protecting against targeted attacks by ensuring that passwords are complex and difficult to crack.
Passphrase requirement options
For password expiration, Specops offers customizable policies that encourage the creation of stronger passwords by extending the time before a password needs to be reset, based on its length. This approach is known as length-based ageing and not only enhances security by prompting regular updates to passwords but also aligns with user convenience, reducing the frequency of mandatory changes and thereby decreasing both user frustration and support desk tickets.
Password expiration options
You’ll also be able to use the password history feature to prevent the reuse of old passwords by blocking elements such as usernames, display names, consecutive characters, and incremental passwords. This ensures that each new password is unique and secure, further safeguarding the organization from potential security breaches.
Advanced features of Specops Password Policy
Breached Password Protection
Specops Password Policy’s Breached Password Protection is a powerful feature that blocks over 4 billion unique compromised passwords from being used within your organization. The Specops breached password database is regularly updated by a real-time attack monitoring system that tracks live brute force attacks, along with malware-stolen data gathered by a dedicated human-led Threat Intelligence team.
Its continuous scan capability is particularly noteworthy, as it detects compromised Active Directory passwords on a daily basis—not just during password changes or resets. This is particularly valuable if end users are taking strong passwords from work and reusing them on personal devices and applications, leading to their compromise outside of your immediate work environment.
How continuous scanning works
Security and compliance
Specops Password Policy offers readymade compliance templates and a comprehensive reporting tool, ensuring that organizations can easily meet various cybersecurity and privacy standards. These include regulations such as NIST, CJIS, NCSC, ANSSI for cybersecurity, plus CNIL, HITRUST, and PCI for privacy.
This comprehensive approach is further supported by customizable notifications and targeted policies for different user groups, significantly easing the workload on support teams while bolstering security measures. IT teams can also use audit trail features to track changes and access.
Integration and deployment
One seamless Active Directory integration is all Specops Password Policy needs to greatly reduce your organization’s attack surface through a simple interface. This makes things simple for IT teams, reflected by Specops’ Gartner rating of 4.5 for integration and deployment. The end user experience is also improved with the Specops Client. As shown below, the end user is given dynamic feedback on how to comply with the policy at the password reset screen, rather than a frustrating ‘you didn’t meet the requirements’ message with Windows alone.
Comparison of the default Windows and Specops Client password reset screens
Try Specops Password Policy
We asked Daniel, Head of IT at a UK pharmaceutical company, whether he’d recommend Specops Password Policy. He said: “Yes, 100%, and I do so frequently. I recommend Specops Password Policy because of its simplicity of installation and management. Once it’s set up you don’t need to mess with it. I also recommend it because of its effectiveness. Overnight, by the time we would chase users about passwords they need to fix, the problem is solved. Specops Password Policy is very simple to use and high value. It didn’t upset a single user and the price made it a no-brainer – it’s an ideal solution for us.”
Verizon research estimates that stolen credentials are the initial action in 77% of web application attacks and 50% of social engineering attacks – so securing your Active Directory is more important than ever. See how Specops Password Policy can fit with your organization and reduce your attack surface with one simple integration.