Password Security Strengthening

Are your users using secure passwords? Do they follow the anticipated password policy?


Service

Do Summer2020, Winter2020 or Welcome2021! seem oddly familiar to you? Many employees use poor passwords built from the name of the company, an address, their daughter's name, a season and a year, etc. Poor passwords let attackers guess your users' passwords and abuse them in an attack.

With our Password Security Strengthening service, we can help improve your password security. It consists of four parts:

  • Review of password policies - We review your password policies for possible improvements and check whether they are properly implemented.

  • Password analysis - Based on an extract of your password database, we attempt to crack each user’s password. We analyse the results and provide detailed information on the structure of passwords used.

  • Configuration of blacklisting solution - Using the knowledge from the password analysis, we help you set up and configure a password blacklisting solution that prevents the use of defined words.

  • Presentation on password security - We perform an engaging presentation on password security with easy-to-understand methods to create and remember passwords.


Value

  • Gain confidence that your password policies are adequate and properly configured.

  • Gain insights into how your employees create passwords.

  • Mitigate the use of poor passwords with a password blacklisting solution.

  • Create awareness and train your employees on password security.

Deliverables

  • A written report with

    • Executive summary

    • Suggestions for new password policies if needed.

    • An analysis of your users' current password usage, such as length, use of common words, whether the passwords follow the required policies, and more.

  • A fully functioning password blacklisting solution, configured in your environment.

  • Presentation for your employees on password security.


 

Methodology

When reviewing the implemented password policies, we compare the password policies expected from your approved IT policies with the ones currently implemented to identify any deviations. We also assess whether the desired password policies are sufficient for your organization by assessing your risk and how well the policies follow best practice.

For the password analysis, we use specialized password cracking equipment on extracts from your Active Directory, provided by you. We perform the cracking in a time-boxed scenario of typically up to a week, in which we should have been able to crack a large portion of the passwords. Using specialized tools, we analyse the passwords in terms of their length, complexity, use of common words and more.

The password blacklisting solution will be configured locally in your environment using free and publicly available tools, making it easy for you to maintain the setup afterwards. The output from the password analysis is used as the initial input for which words to blacklist.

The presentation’s content is based on our knowledge of hackers and good password practices. The presentation itself is based on our experience and knowledge from awareness training and performing engaging presentations on cyber security to all levels of an organization.

 

 

Involvement

When assessing your desired password policies and setting up the password blacklisting solution, some involvement on your part is required.

For the password analysis, minimal involvement is required.

The presentation usually takes between thirty minutes and two hours, depending on the amount of content to cover.

 


 
