Password Blacklisting comes to Active Directory with release of “Password Firewall” product
Password Firewall prevents the use of bad passwords that satisfy Active Directory password policies but are actively being used by hackers to gain unauthorized access.
By: Password RBL
Bad passwords have plagued IT departments and businesses for decades. In the last few years there has been a significant increase in hackers utilizing password-based attacks to gain unauthorized access to business networks and data. The 2014 Verizon Data Breach Investigation Report found that 2 out of 3 network breaches exploited weak or stolen credentials. IT departments have tried to coax users into choosing complex passwords and employed the use of password policies, but this has barely mitigated the problem while annoying end-users with always-too-frequent password changes. The built-in password policy is no longer “good enough” security. Password RBL can ensure end-users are picking strong passwords that hackers aren’t already using. This means IT can reduce the frequency of pesky required password changes. As founder Adam Smith puts it, “IT gets strong passwords and users get to keep their passwords.”
Password Firewall for Windows is extremely lightweight, features an easy wizard-based installation that only needs to be run on Domain Controllers, and doesn’t require end-users or IT staff to learn anything new or change their behavior. Furthermore, Password Firewall follows the exact same pricing model as direct API access to the Password RBL blacklist database and both products can be used simultaneously under the same subscription.
Password RBL, founded in 2013, is a provider of easy to use yet secure and affordable password security solutions. The company slogan is “Prevent Bad Passwords Before They Happen” because their solutions prevent the use of bad passwords that hackers already utilize to gain unauthorized access to business networks across the globe. They consolidate passwords discovered by analysis of hacker tools, running honeypot servers, and scouring the web for published credential databases from data breaches.
Currently, subscriptions to the service start at just $15.00 (USD) per month.