SpyCloud Bolsters Active Directory Guardian with New Password Filter

SpyCloud Active Directory Guardian now automatically prevents employees from setting risky passwords utilizing a password filter.

FREMONT, CA: SpyCloud, known for its unique anti-fraud platform powering account takeover prevention and fraud investigations solutions, has declared that it has added a new password filter feature to SpyCloud Active Directory Guardian.

With hundreds of online logins to manage, people sometimes take shortcuts to keep track of their passwords. They utilize memorable names or words, easy-to-type strings such as "12345678", or even passwords they have used before. Because these habits are very commonly followed, they also are easy for bad actors to figure out. As a consequence, for the last four years, weeks and stolen passwords were consistently the top hacking technique found in the Verizon Data Breach Investigations Report.

SpyCloud Active Directory Guardian now automatically prevents employees from setting risky passwords utilizing a password filter. When an employee sets a new Active Directory password, the password filter automatically screens the choice for repeated or sequential characters, up to 30,000 entries in a custom dictionary as well as billions of exposed passwords discovered in SpyCloud's industry-leading database of recovered breach data.

"Despite repeated warnings, people still try to use common and weak passwords," stated Chris Hajdu, Product Manager at SpyCloud. "It's a very human thing to do simply because we all have so many accounts and passwords to keep track of, but businesses can't afford to let these habits put their networks at risk."

Utilizing Active Directory Guardian's existing capabilities and the new password filter together, enterprises can enforce stronger passwords as well as decrease their risk of a data breach caused by stolen or weak credentials. The password filter makes sure that employee accounts are protected with secure credentials from the moment a new password is created. As new breaches happen over time and compromise more credentials, Active Directory Guardian can ensure employee logins remain secure by resetting and detecting exposed passwords automatically.

Because the password filter runs on the domain controller, the password filter is designed to "fail open" to mitigate any potential impact on business operations. In other words, if the password filter fails for any reason, it will enable users to create unchecked passwords instead of locking them out. Running manual or scheduled scans with Active Directory Guardian provides backup for skipped passwords that might otherwise slip through the cracks.