Most security-conscious organizations have password restrictions that prevent users from picking simple passwords. They typically enforce “strong password requirements”: a minimum length and a variety of different character types.
The common recommendation for a strong password was complexity: more than 8 characters with a mix of numbers, symbols, and upper and lowercase letters.
This combination produces an astounding 1,677,721,600,000,000 password options.
That mind-boggling set of choices could be increased further, but would still fail to account for one simple fact: Cybercriminals have access to data from previous security breaches that show the password choices humans have actually made.
Real-world passwords exposed in previous data breaches quickly get funneled into cybercriminals’ cracking dictionaries, which means even a 30-character password with complex characters isn’t secure if it was previously compromised.
The solution? There are a variety of new technologies from multi-factor authentication to biometrics that improve authentication. But as long as the password remains a critical security layer, organizations must help users pick passwords that are strong and are not compromised.
Because users have no way of knowing which passwords have been compromised, Enzoic provides API solutions and a simple Active Directory plugin that make it easy for organizations to guide users to better choices.
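The gap between "complex" and "not compromised" can be shown with a short added example (not code from this article and not Enzoic's API). It applies the complexity rule described above and then looks the candidate up in a breach corpus; the function names, the SHA-1 lookup key, and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import string


def breach_key(password: str) -> str:
    """Lookup key for the breach corpus. SHA-1 is assumed here as an index
    format only; it is not a way to store user credentials."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def complexity_failures(password: str) -> list[str]:
    """Composition rule from the article: more than 8 characters with
    numbers, symbols, and upper and lowercase letters."""
    failures = []
    if len(password) <= 8:
        failures.append("must be longer than 8 characters")
    if not any(c.islower() for c in password):
        failures.append("needs a lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("needs an uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("needs a number")
    if not any(c in string.punctuation for c in password):
        failures.append("needs a symbol")
    return failures


def screen_password(password: str, breached_keys: set[str]) -> tuple[bool, list[str]]:
    """Accept only if the password is both complex and absent from the corpus."""
    reasons = complexity_failures(password)
    if breach_key(password) in breached_keys:
        reasons.append("appears in a known breach")
    return (not reasons, reasons)


# Constructed sample data: a 30-character password that satisfies every
# composition rule but is assumed to have been exposed in an earlier breach.
LONG_EXPOSED = "Correct-Horse-Battery-Staple9!"
BREACHED_KEYS = {breach_key(p) for p in ("P@ssw0rd123!", LONG_EXPOSED)}

if __name__ == "__main__":
    for candidate in ("password", LONG_EXPOSED, "tR7#vexing-Lantern-quota"):
        print(candidate, screen_password(candidate, BREACHED_KEYS))
```

The 30-character candidate passes every composition check and is still rejected, because the breach lookup is the only check that sees it.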