Authlogics Password Security Management Datasheet


Authlogics Password Security Management

Don’t let an Internet password breach affect your security

Password Security Management is a comprehensive real-time solution to ensure that user passwords comply with regulations and that they have not already been compromised online.

Features and highlights

• Analyse the risk posed by publicly available breach data
• Credential audit and reporting for Active Directory including breaches and public website sharing weaknesses
• Organisation and user level risk rating
• Real-time and retrospective scanning
• Protection from breached and shared passwords
• User self-service AD password reset via OTP with policy compliance UI
• Continuously updated database of over 4 billion breached credentials and 1.2 billion clear text passwords
• Simplified password policy and reduced helpdesk costs
• Comply with NIST SP 800-63B, NCSC, CMMC, GDPR and other digital identity guidelines
• No desktop software required

The Password Legacy

Passwords have long been the foundation for user authentication, yet passwords are not a solid security mechanism. A breach can render all other security controls useless, leaving company data and systems exposed.

Within most organisations, the user’s Active Directory password is the key to the front door and is used to access many systems, including internal documents and data stored in the Cloud. That makes it the most important password to protect and the most attractive for hackers to target.

To ensure adequate password-based security, administrators have traditionally applied various Windows complexity restrictions such as forcing minimum length, use of special characters and enforced changes every x number of days. These complexity settings have not only frustrated users for years but have increasingly been found to be insecure.

What makes a password secure?

A ‘secure’ password is one that is both secret and not easy to guess. However, “P@ssw0rd” would appear to meet all the typical guidelines for password complexity; as a result, it is commonly used and therefore easily guessed.

There are other common techniques users use to get around complexity rules, e.g. adding a number at the end of their password to match the current month. This makes it easier to remember, meets the policy requirement of a password change every 30 days, but adds no actual security value.

Worst of all, users often share passwords across multiple unrelated websites. A breach on one compromised website is a common way that criminals gain access to online information such as documents and information stored in the Cloud or VPNs.

Fortunately, the new Digital Identity Guidelines (Special Publication 800-63B) from the U.S. National Institute of Standards and Technology provides new best practice on how we can replace outdated password policies. These guidelines state that we no longer need complicated policy rules, and that frequent password changes are no longer required.

Instead, passwords should have a minimum length, and most importantly should be checked against a comprehensive database of previously known compromised passwords. This greatly reduces the likelihood that bad actors can use password breach data from an unrelated website or organisation to gain access to your organisation.

With the introduction of new hard-hitting data protection and legislative governance controls, such as EU General Data Protection Regulation (GDPR), companies now have to ensure that their systems are ‘secure by design’ and ‘secure by default’. Unfortunately, these regulations are vague in that although they require that companies are ‘secure’ they don’t define in detail what ‘secure’ means.

Furthermore, the legislation stipulates that single point in time compliance is not adequate. Any controls introduced must, therefore, have the ability to be continuously monitored to prove that compliance is on-going. For these reasons, Data Protection Officers charged with ensuring their organisations are compliant need to resort to best practice standards, e.g. NIST SP 800-63B, and employ modern authentication products and processes.

www.authlogics.com | End-to-End Authentication. Simplified.



Simplified password management across the entire enterprise

Achieve NIST SP 800-63B compliance by combining a modern password policy engine and our Password Breach Database containing over 4 billion breached credentials.

Password Security Management

Authlogics Password Security Management (PSM) has been designed to assess existing password related weaknesses, report on the current threats and risks, automatically remediate the problem and provide ongoing real-time protection and alerting from new password breaches.

It allows for a simpler password policy which reduces regular changes, lockouts and helpdesk calls for password-related problems. Users can reset their password via a One Time Pin (OTP) themselves to further reduce the helpdesk burden.

When installed with Active Directory, PSM immediately intercepts and analyses password changes as they happen, no matter where they originate from, ensuring compatibility with 3rd party IAM solutions and helpdesk management software.

There is no need to install extra software onto workstations; PSM is centrally managed and has a small footprint. All password change attempts, both accepted and declined, are logged centrally for auditing and reporting purposes.

Password Breach Database

Ensuring that compromised usernames and passwords from an unrelated security breach are not used to gain access to corporate systems is a crucial part of meeting the NIST password guidelines.

Our Cloud-based Password Breach Database consists of over 4 billion breached credentials, including over 1.2 billion compromised clear text passwords, and is continually updated.

Customer privacy is important to us; hence, database lookups use k-anonymity technology to ensure that passwords and hashes do not leave the corporate network when checks are being done.

Password Security Portal

The Authlogics Password Security Portal provides an insightful view of the public breach data relevant to your organisation constructed using AI and BI logic from multiple data breach sources.

This allows you to view both organisation and user risk levels over time, as well as who may be sharing their corporate password on other websites.

Email notifications about newly discovered breaches relevant to your company can also be sent.

Finding weak passwords

Many corporate Active Directory databases have been in existence for decades and may contain very old and well-known passwords.

Password Security Manager can perform a detailed audit of the existing AD data and provide a detailed per-user report including accounts with breached and shared passwords within and outside of the network.

Fixing the problem

Password Security Management is able to automatically raise alerts and remediate Active Directory user accounts which have breached or shared passwords by either forcing them to be changed at next logon or by disabling the account.

When a new password is created, PSM uses a combination of a rules engine, custom blacklists, heuristic scanning and the Password Breach Database to ensure weak passwords are rejected. These rules are NIST compliant by default.

More granular policy features, including restricting character repetition, month and day names, and alphabetic and character sequences based on keyboard layouts, are also available.

Not just for Windows

While AD is a common directory service, many others too rely on passwords. The rules and heuristics engines and the Password Breach Database are available via a web API allowing integration with other directory services or in-house applications for stronger password security.

Regulation and Compliance


The National Institute of Standards and Technology (NIST) Special Publication 800-63B released in June 2017, and updated in December 2017, provides updated password best practice to be more reflective of dealing with modern password security problems. Section 5.1.1.2 includes a new requirement that passwords should be checked to see if they have previously been compromised in previous data breaches; if they have they can’t be used.

Enforcing these new guidelines with legacy built-in directory policies alone is simply not possible. By deploying Authlogics Password Security Management, you can immediately benefit from enhanced password protection and comply with these regulations, all while cutting helpdesk costs and reducing the password pain for users.

www.authlogics.com | [email protected] | +44 1344 568 900 | +1 408 706 2866
