Enzoic, a leading provider of compromised credential screening solutions, released the latest version of Enzoic for Active Directory.
The product is the only Active Directory plugin to meet all NIST 800-63b requirements. In addition to compromised passwords, the automated tool screens for weak, commonly used, expected and fuzzy-matched passwords. This helps organizations mitigate the risk from poor password hygiene by ensuring more secure passwords in Active Directory.
Compromised passwords were found to be responsible for 81% of hacking-related breaches in Verizon’s 2018 Data Breach Investigations Report. The reuse of passwords between personal and professional accounts is a key behavior that cybercriminals exploit despite efforts to educate employees.
With Microsoft Active Directory being the primary solution for access to network resources, IT teams need an automated password screening solution that accounts for human behavior around password reuse.
Enzoic for Active Directory now enables organizations to automatically screen for commonly-used, fuzzy matching, expected and compromised passwords against its proprietary database, a continuously updated catalog containing multiple billions of unique exposed username and password combinations.
Organizations can now determine the number of differences required between old and new passwords, and they can add up to 5,000 custom passwords that will be screened and blocked at creation.
The solution checks the password at the time it is created and when it is reset, and then monitors it daily against a real-time compromised password database. This places no additional burden on the IT team because, once it is set up, it runs automatically behind the scenes.
“Organizations face a constant battle to stay ahead of cybercriminals and unauthorized account access,” said Michael Greene, CEO, Enzoic.
“Password security is often the weakest link and IT teams need an automated solution that continuously screens passwords and takes into account human behavior. Enzoic for Active Directory provides a way to significantly strengthen password security and because it is fully automated, it removes some of the burden on IT.”
“We selected Enzoic for Active Directory because it automates compliance with the NIST password guidelines and it can be installed in just a few minutes,” said Peter Rios, IT Operations Manager, Kingston Technology Company.
“It includes continuous exposed password filtering and if bad passwords are found, remediation is automated so it does not create any additional work for our IT team.
“The custom local dictionary in the newest version of Enzoic for Active Directory will enable us to block our company name, product names and some of the common words our employees may choose to use.
“The experience is seamless for our users. It only impacts the users that are using bad or exposed passwords; all other accounts are protected without any additional friction.”
Enzoic Active Directory 2.5 strengthens compliance with NIST 800-63b by guarding against common password behaviors:
- Prevents the use of common dictionary words and passwords.
- Blocks expected and similar passwords: rejects a new password that is only a root password changed by a few characters or just capitalization.
- Matches fuzzy password patterns: stops compromised password patterns by checking multiple variants of the password, including case variations and reversal.
- Screens for context-specific passwords: organizations can create a filter in the custom password dictionary for context-specific passwords which are frequently used by employees.
- Screens daily for compromised passwords, because new passwords are exposed every day.