StealthINTERCEPT Enterprise Password Enforcer

Password policy enforcement for Windows Active Directory providing password protection on-premises and in hybrid environments.



    Why StealthINTERCEPT Enterprise Password Enforcer?

    With 80% of breaches involving weak or compromised passwords and the top 10 common passwords still including ‘123456’, ‘password’, and ‘qwerty’, organizations need to strengthen and improve password hygiene. Breach costs will only rise, further emphasizing the importance of your first line of defense…the password.

    Using a dictionary of 555 million known compromised passwords, along with complexity, character substitution, and testing tools, StealthINTERCEPT Enterprise Password Enforcer safeguards your organization from credential-based attacks. We can identify and prevent weak and compromised passwords from being used. We can even provide end user guidance on how to choose a strong(er) password.

    KEY FEATURES

    Tell Users Why Password Fails

    We reduce helpdesk calls by showing users why proposed passwords fail and what needs to change to adhere to policy.

    Enhanced Password Complexity

    Provide administrators more granular control of password requirements to ensure proper compatibility with all of an enterprise’s resources.

    Password Policy Testing Tool

    Before implementing new or modified rules, it’s advantageous to know where issues will arise.

    Control Character Substitutions

    Attackers can just as easily replace an “S” with a “$”, or an “A” with the “@”. Gain control of your passwords and all possible variations.

    Breached Password Dictionary

    We integrate with Have I Been Pwned (HIBP), a repository of millions of known bad passwords, so users don’t unknowingly try to use these vulnerable passwords.

    Integrate with your SIEM

    Send alerts and triangulate risk signals for a more complete risk & attack posture for your organization.

    COMPLY WITH NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY PASSWORD GUIDELINES

    …it is recommended that passwords chosen by users be compared against a “black list” of unacceptable passwords. This list should include passwords from previous breach corpuses, dictionary words, and specific words (such as the name of the service itself) that users are likely to choose.

    SCENARIO 1

    IMPROVE PASSWORDS – CHECK THEM AGAINST 555 MILLION KNOWN BAD ONES

    BUT THIS PASSWORD WAS STOLEN IN A PAST BREACH AND IS FOR SALE ON THE DARK WEB… 60+% REUSE THE SAME PASSWORD AMONG ACCOUNTS [1]… LEAVING YOU VULNERABLE!

    The National Institute of Standards and Technology (NIST) recommends the restriction of “passwords obtained from previous breach corpuses” and other “commonly-used” or “expected” values for passwords. StealthINTERCEPT Enterprise Password Enforcer leverages the Have I Been Pwned breach dictionary of 555 million bad/compromised passwords.

    [1] https://www.darkreading.com/informationweek-home/password-reuse-abounds-new-survey-shows/d/d-id/1331689

    SCENARIO 2

    SAVE YOUR HELPDESK – SHOW USERS WHY PASSWORD CHOICE FAILS

    It can be uber frustrating when users’ password choices get rejected with no guidance on why, often leading to rising helpdesk calls and costs. Password policy changes often have the same effect but at enterprise scale.

    StealthINTERCEPT Enterprise Password Enforcer can now surface a clear definition of password policies and rejected password feedback to end users during the password change process. Showing users specifically what requirements they failed to meet is an immense help and reduces the need to call the helpdesk.

     

    SCENARIO 3

    STRENGTHEN PASSWORDS – ALLOW/DISALLOW PARTICULAR CHARACTER SUBSTITUTIONS

    Users think they are clever when replacing an “s” with “$” or “a” with “@” within dictionary words that often pass standard password policy for complexity, but attackers know this and leverage the same technique to compromise/guess the password.

    StealthINTERCEPT Enterprise Password Enforcer provides a substitution editor allowing administrators to modify or create permitted/not permitted custom character substitutions. We can also reduce the effort required to contemplate all variations of a password through character substitution. Administrators only need to specify character equivalents and the base word (e.g., ‘Password’); Enterprise Password Enforcer does the rest.
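The idea of "character equivalents plus a base word" can be sketched as follows. This is an added example, not Stealthbits code or the product's algorithm; the equivalence table, the banned word list and all function names are constructed for illustration. It matches each banned word against the password position by position, so no list of variations ever has to be generated, and it returns a reason that can be shown to the user.

```python
# Added illustration: substitution-aware banned-word check.
# EQUIVALENTS and BANNED_BASE_WORDS are constructed sample data.

# Substitute character -> letters it may stand for (one-to-many allowed).
EQUIVALENTS = {
    "$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
    "3": "e", "!": "il", "1": "il", "7": "t",
}
BANNED_BASE_WORDS = ["password", "qwerty", "stealth"]


def readings(ch):
    """Return the set of characters `ch` may stand for, including itself."""
    ch = ch.lower()
    return {ch} | set(EQUIVALENTS.get(ch, ""))


def find_banned_word(password, banned=BANNED_BASE_WORDS):
    """Return (word, offset) of the first banned base word hidden in
    `password` under the configured equivalents, or None."""
    slots = [readings(c) for c in password]
    for word in banned:
        w = word.lower()
        # Slide the base word over the password; every position must be
        # readable as the corresponding letter of the base word.
        for start in range(len(slots) - len(w) + 1):
            if all(w[i] in slots[start + i] for i in range(len(w))):
                return word, start
    return None


def check_password(password):
    """Return (accepted, reason) so the caller can explain a rejection."""
    hit = find_banned_word(password)
    if hit is None:
        return True, "ok"
    word, start = hit
    disguised = password[start:start + len(word)]
    return False, f"contains banned word '{word}' (written as '{disguised}')"


if __name__ == "__main__":
    for candidate in ["P@$$w0rd2022", "my-Qw3r7y!", "correct horse battery"]:
        print(candidate, "->", check_password(candidate))
```
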

     

    SCENARIO 4

    SAVE TIME – KNOW THE EFFECTS OF A PASSWORD POLICY CHANGE BEFORE DEPLOYMENT

    Wasted time and user and administrator frustration often result when organizations change password policies. Most don’t know the impact until deployment. Some accept it as a necessary evil; we found a better way!

    StealthINTERCEPT Enterprise Password Enforcer allows policy creators to test out any potential policy change without affecting users. We analyze the proposed policy against current environment passwords, reporting back which would fail and why. Get your policy right BEFORE engaging users.

    © 2022 Stealthbits Technologies, Inc.