123456 - 23.2 Million Cyber Victims Used This Password
The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as...
Read Full ArticleEast Ayrshire Council has blocked weak passwords after an annual audit revealed their 6,000 employees were leaving the organisation open to cyber threat.
It was 2017 when the council first started to take action to block common and vulnerable passwords. East Ayrshire implemented a Specops Password Policy to enforce stronger passwords and customise a password dictionary list.
A 2017 audit had shown that many users were using common passwords such as Password1, Initial1 and Summer17. They were also selecting easy-to-guess passwords containing the names of local football teams (Kilmarnock, Celtic and Rangers etc).
There was also a short password expiration period of 45 days, so users were even resorting to adding a number at the end of their previous password in order to update it.
“We had a problem with weak passwords and the Active Directory password policy settings didn’t allow us to block common words,” says Ian Aston, ICT Security Manager at the council.
“We were familiar with Specops Software and quickly set up a demo to review the Specops Password Policy software.”
Stop reuse
In addition to blocking high-probability passwords, the council wanted to use password expiration without encouraging password reuse and incremental passwords. Support for passphrases was seen as a desirable feature in the password enforcing software.
The council created a custom list of banned passwords containing the most common passwords and the weak passwords revealed by the audit. Adding this to the software made it possible to stop all of these words from being chosen when setting a password. They also used the feature in Specops Password Policy to stop incremental passwords.
The implementation was carried out over eight weeks, starting with the IT staff before enabling it for all users. To prepare the council employees for the new password policy, Ian Aston and his team sent an email explaining the new policy with screenshots of the error messages a user would get if they chose a password on the customised dictionary list.
“We installed the Authentication Client on all of our endpoints so that our users would get the messages should they fail to choose a strong password,” Aston said. “The feature is very helpful, making the implementation process very smooth. We only received a couple of calls to the helpdesk with questions.”
Passphrases
Now that users are aware of password security, Aston is looking to enforce passphrases. These longer passwords would stand up to brute force attacks better. Aston may also extend the expiration period so that users will not need to reset their passphrases as frequently.
For the passphrase rollout Aston is planning user communication in the form of end user security training, emails and desktop alerts. Training is underway to give the users suggestions for how to come up with a secure passphrase that is easy to remember but hard to crack.
Picture: East Ayrshire Council has implemented a password policy for 6,000 employees that range from support services to social workers.
Article written by Brian Shillibeer | Published 27 June 2019
The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as...
Read Full ArticleYounger employees have been identified as the main culprits for security breaches in the workplace in a study by Centrify of UK senior decision makers and...
Read Full ArticleIn Part 3 of our cyber security Q&A, Sheldon Reynolds talks us through the danger of reusing passwords and what happens on the dark web. According to data...
Read Full ArticleThe cyber threat landscape is evolving at an alarming rate, and there's a new player in town that's causing mayhem in inboxes: impersonation attacks. In this...
Read Full ArticleIn Part 2 of our Q&A with cyber security expert Francis West, we discuss simple actions we can all take to be more cyber safe, what to do if you receive a suspicious...
Read Full ArticleLearn more about the realities of cyber crime in this Q&A with cyber security expert Francis West. From Whatsapp fraud to investment scams, cyber crime has...
Read Full ArticleUK data centres are now classed as critical national infrastructure, the same status associated with energy supply, water supply, transportation, health and...
Read Full ArticleA major IT outage caused major disruptions at airports, GP surgeries, and retail stores. Computer systems across the world crashed, experiencing the “Blue...
Read Full ArticleA Freedom of Information request has revealed that there was a resurgence in ransomware-related incidents following a quieter 2022. In the first six months...
Read Full ArticleFrancis West is CEO of Security Everywhere, a company which helps SMEs to secure their money, data and reputation with managed security services. Francis is a trusted...
Read Full Article