World Password Day comes and goes each year on the first Thursday of May to emphasize the importance of password security in the minds of the public. This goal is vital. The 2018 Verizon Data Breach Investigations Report states that stolen credentials are the leading cause of all data breaches. Data is precious, and if the password protecting it, considered the first line of defense, is not strong enough, there’s a good chance your organization will appear in a news article about the next big data breach.
While experts have been predicting the “death of passwords” for a long time, passwords are still the most common form of authentication. How do you, as an IT admin, ensure employees in your organization follow good password habits so their identity is safe from sophisticated password attacks? Our integrated Active Directory self-service password management and single sign-on (SSO) solution, ADSelfService Plus, can help.
Enforce good password habits
The password policies available in most applications allow users to set weak passwords, like Password123. These passwords may be easier for employees to remember, but they’re also easier for cybercriminals to guess.
If employees continue to set weak passwords for their accounts, force them to set strong ones. With ADSelfService Plus, you can efficiently enforce advanced password rules such as a dictionary rule, a pattern check, and others.
Fig 1. Password policy rules available in ADSelfService Plus.
These rules can be enforced across multiple platforms, such as Active Directory, Office 365, Salesforce, G Suite, and more. ADSelfService Plus automatically synchronizes the passwords across these platforms so that users have just one, very strong password to remember.
Fig 2. Extending password policy to other platforms.
To help users choose a strong password, ADSelfService Plus can be set to display the exact password policy requirements on the Windows change password screen. The text can be customized to suit your requirements.
Fig 3. Displaying password policy requirements to end users on the Windows change password screen.
Add an extra layer of security with two-factor authentication
While strong passwords can fend off many attacks, even a strong password is still vulnerable to keylogger and phishing attacks. To completely prevent cyberattackers from gaining control of your users’ identities, it is vital to add another layer of authentication.
ADSelfService Plus supports two-factor authentication (2FA) for local and remote desktop Windows logons as well as for cloud applications.
When enabled, users have to enter their username and password first, then authenticate an additional time through a one-time passcode or fingerprint to gain access to their workstations or enterprise applications. Enabling SSO to cloud applications also eliminates the password attack surface and prevents phishing attacks.
Fig 4. Logging into Windows using two-factor authentication.
Take a pledge this World Password Day, May 2, to enforce good password habits among your users and to help secure their identities. You can try ADSelfService Plus by downloading a 30-day free trial.