Defend Active Directory against Compromised Passwords


On average 11% of users choose passwords which are common or have been leaked in a breach. Active Directory does not natively detect or block these passwords, leaving accounts vulnerable to Password Spray and Credential Stuffing attacks.

Pegasus Labs AD Protection stops users from adding common or compromised passwords to their accounts and can reset existing common and compromised passwords. It continually monitors for new breaches and responds automatically, keeping AD secure.

"Over 80% of breaches involve the use of common, lost or stolen credentials." (Verizon)

Automatic Protection Against Compromised Accounts

A significant proportion of users select easy-to-guess passwords or reuse passwords across personal and work accounts.

The best way to protect against this risk is to automatically detect and block attempts to use passwords which are commonly used or included in breaches.

Pegasus Labs AD Protection continually monitors AD and fixes these issues for both new and existing passwords.

Comply with NIST & NCSC Password Recommendations

Both NIST and NCSC recommend:

  • no regular expiry of passwords
  • requirements for password length not complexity
  • blocking common and compromised passwords

When asked to change passwords regularly, users choose easily predictable password sequences, and when forced to meet complexity rules they use common substitutions (e.g. Password1!), so neither measure is effective at improving security.

Reduce Service Desk Calls

Password Reset is the leading category of contacts to most enterprise service desks. The primary cause of this is forcing users to regularly change passwords.

Both NIST and NCSC recommend detecting common and compromised passwords instead of forcing regular password changes. This improves user experience, reduces service desk calls and improves security.

"When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised." (NIST Guidance)

Features

  • Custom Password Policies
  • Custom Blocked Password Lists
  • Block words from passwords, e.g. the company name or "password"
  • Use Regular Expressions as Password Criteria
  • Block common and compromised passwords
  • Continuously monitor for breaches of existing passwords
  • Block Duplicate Passwords
  • Scan for AD Misconfigurations
  • Comply with NIST & NCSC Password Standards
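The checks listed above (compromised-password lookup, banned words, regular-expression criteria, duplicate detection and a length-only rule) are the verifier behaviour NIST SP 800-63B describes. The following is an added illustration of that logic, not Pegasus Labs code and not a description of how their product is implemented. The breach corpus, banned-word list, patterns and minimum length are constructed for the demo; a real deployment would load a large offline hash set and the organisation's own policy values. Comparison is done on SHA-1 hashes so that plaintext passwords are never stored, and candidate passwords are normalised (lower-cased, trailing digits and punctuation stripped, common substitutions undone) before the banned-word check, so "P@ssw0rd1!" is compared as "password".

```python
"""
Password-verifier checks in the style of NIST SP 800-63B 5.1.1.2.
Added example; all data and policy values below are constructed.
"""
import hashlib
import re

MIN_LENGTH = 12  # assumed policy: require length, not complexity

# Constructed sample "breach corpus": SHA-1 hashes of a few well-known weak
# passwords. Only hashes are kept; the plaintext list exists here solely to
# build the demo set.
_SAMPLE_LEAKED = ["password", "Password1!", "123456", "qwerty", "letmein"]
COMPROMISED_SHA1 = frozenset(
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in _SAMPLE_LEAKED
)

# Words that must not appear anywhere in a password (e.g. company name). Assumed list.
BANNED_WORDS = ("pegasus", "password")

# Regular-expression criteria (assumed examples): a trailing year, keyboard walks.
BLOCKED_PATTERNS = (
    re.compile(r"(19|20)\d{2}$"),
    re.compile(r"(qwerty|asdf|zxcv)", re.IGNORECASE),
)

# Common complexity-rule substitutions, undone before the banned-word check.
_LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                       "0": "o", "$": "s", "5": "s", "7": "t"})


def sha1_hex(password):
    """Upper-case hex SHA-1, the form breach hash sets are usually distributed in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def normalize(password):
    """Lower-case, drop trailing digits/punctuation, undo leet substitutions."""
    lowered = password.lower()
    stripped = re.sub(r"[0-9!@#$%^&*()_+\-=]+$", "", lowered)
    return stripped.translate(_LEET)


def is_compromised(password, breach_hashes=COMPROMISED_SHA1):
    """Exact-hash lookup against the known-compromised set."""
    return sha1_hex(password) in breach_hashes


def contains_banned_word(password, banned=BANNED_WORDS):
    """Substring match on the normalised form, so 'P@ssw0rd' still hits 'password'."""
    norm = normalize(password)
    return any(word in norm for word in banned)


def matches_blocked_pattern(password, patterns=BLOCKED_PATTERNS):
    """Custom regular-expression criteria applied to the raw candidate."""
    return any(p.search(password) for p in patterns)


def evaluate_password(password, existing_hashes=frozenset()):
    """Return the list of reasons a candidate is rejected; an empty list means accept.

    existing_hashes: SHA-1 hashes already in use by other accounts, for the
    duplicate-password rule.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too-short")
    if is_compromised(password):
        reasons.append("compromised")
    if contains_banned_word(password):
        reasons.append("banned-word")
    if matches_blocked_pattern(password):
        reasons.append("blocked-pattern")
    if sha1_hex(password) in existing_hashes:
        reasons.append("duplicate")
    return reasons


if __name__ == "__main__":
    in_use = frozenset({sha1_hex("correct horse battery staple")})
    for candidate in ["Password1!", "P@ssw0rd-Pegasus", "Winterwonderland2023",
                      "qwertyuiop123456", "correct horse battery staple"]:
        verdict = evaluate_password(candidate, in_use)
        print(f"{candidate!r}: {'accept' if not verdict else ', '.join(verdict)}")
```

Every rule returns a reason rather than a bare boolean so that the rejection message can tell the user which policy they hit without revealing which breach list matched. The normalisation step is what makes a banned-word list useful in practice: without it, users satisfy complexity rules with the substitutions the page mentions and the word check never fires.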