Weak passwords are a problem waiting to happen – Verizon estimates that 80% of hacking-related breaches come from weak or stolen passwords. They’re the most common way for people to access their accounts and applications, making them an obvious... Read More
News and Research
Categories
MFA prompt bombing: How it works and how to stop it
User credentials are golden prizes for attackers. Weak or breached credentials provide an easy target for attackers looking to log in to a network instead of breaking in. Most businesses have caught on to the fact that multi-factor authentication... Read More
Six ways to apply the principle of least privilege to your Active Directory
The principle of least privilege is simple but important: it states that users only have the minimum access necessary to perform their job. For organizations using Active Directory (over 90% of the Fortune 100), this means the minimum necessary... Read More
Business email compromise: Practical ways to reduce your risk
Everyone uses email – you’d struggle to find a business that doesn’t. Unfortunately, for a form of digital communication we’ve been using since the 80s, it’s still very easy for cybercriminals to attack. As a result, email is the... Read More
[New Research] Best Password Practices to Defend Against Modern Cracking Attacks
Today, the Specops research team is publishing new data on how long it takes modern attackers to brute force guess user passwords with the help of newer hardware. This data with the latest addition of over 15 million compromised... Read More
What IT Teams should do about security concerns around the new Google Authenticator sync feature
Recent news of security concerns around a new feature in Google Authenticator may have IT teams wondering if they need to adjust any reliance on the app for authentication within their networks or apps their organizations use. Launched in... Read More
Long Live the Secure Password! Royal themes discovered within compromised password lists
With King Charles III’s coronation this weekend we’ve analyzed our Breached Password Protection list and discovered a royal connection. Around 350 million people are expected to watch May 6th’s historic coronation in the UK so we’re checking to see... Read More
May The Force stay far far away from your AD #StarWarsDay
It’s back and better than ever! We’re celebrating #StarWarsDay with an updated list of the most used Star Wars themed passwords that top the Specops Breached Password Protection list. The Specops Breached Password Protection database includes the HaveIBeenPwned list,... Read More
Cyber insurance requirements for Active Directory
If you’ve noticed that your organization’s cyber insurance premiums have increased over the last year, you’re not alone. With evolving cyber threats, the rise in ransomware attacks, and the ubiquity of hybrid and remote workforces, insurers are responding by... Read More
Stale user accounts report in Active Directory
Stale (inactive) user accounts in Active Directory can provide attackers (and former employees) with an easy path into a corporate network. Even if the stale user account is not a privileged account, it can be used for privilege escalation... Read More