By Greg Keller Posted August 19, 2016
The number one network security attack vector is compromising identities. It is the easiest and fastest way into a network. Target, Sony, and even Mark Zuckerberg have learned this bitter lesson.
You could be next.
Compromised accounts prey on human nature to centralize the use of their passwords. Not only is it quite difficult to remember a variety of passwords, but it is also easier to remember passwords that are shorter and made up of words that you know. Unfortunately, hackers know our human tendencies only too well and prey on them.
People and Passwords
When it comes to carefully selecting, remembering, and managing complex 10+ character passwords, most users fall somewhere between undisciplined and indifferent. Given no regulation, people prefer to reuse a few short passwords across a variety of sites, both personal and professional.
That means that an IT organization could do everything right on their end, only for a compromise at a completely unrelated website to expose their passwords. While this is something that is out of an IT organization’s control, it negatively impacts them nonetheless.
Training users is a big part of the solution, but it can’t be the only approach. There needs to be a mechanism to break the natural tendency to leverage the same password in all places. Leveraging a cloud-based directory service’s ability to enforce high password complexity standards is critical. This process forces users to leverage passwords that are inherently stronger than the ones they may use for their personal accounts.
Ultimately, the goal for IT is to make sure that each user’s passwords on their systems, applications, and networks are unique and strong. IT admins can take some significant control with the Directory-as-a-Service® feature for password complexity and password rotation.
Password Complexity and Rotation Settings
JumpCloud’s password complexity and rotation capabilities allow admins to set the following criteria for passwords:
Research has shown that the most important factor for password security is length. If you can increase the length of your users' passwords to a minimum of 15–18 characters, it is going to make them much more difficult to hack. Further, a user will struggle to employ one word as their password because of its length. Consequently, the password may end up being a phrase, which is much more difficult to break. Even better, it may be a set of random numbers and characters generated by a password manager.
Adding capital letters, numbers, and special characters all increase the level of difficulty for a password to be hacked. Use these characters along with a long password and you'll have a very strong password.
JumpCloud detects whether the username is a part of the password. Obviously, you want to avoid that if possible.
A good practice is to limit the chances of a password being reused. You can set the number of original passwords that must be used before a specific password can be reused. This limits the chances that a password is recycled and that one set of passwords is used across a user’s personal and business accounts.
To prevent hackers from guessing a password, you can lock out the user after a certain number of attempts. Mobile phones go so far as to wipe data when an account has been locked, but in the case of JumpCloud, you’ll disable the user’s account.
If you want to force users to change their passwords on a regular basis, you can with a password rotation feature. This helps keep passwords ‘off-schedule’ so that a user cannot align all of their passwords to a singular password over time. By forcing change on their business accounts, they will struggle to keep them in sync with personal accounts. You can rest assured that is a good thing.
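As an added example (not JumpCloud's code or its actual policy engine), the following Python checker applies the criteria described above: minimum length, character classes, the username-in-password check, a password history depth, and a failed-attempt lockout. The default threshold values and the SHA-256 history comparison are assumptions for illustration; a directory service would store history with a slow password hash.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class PasswordPolicy:
    min_length: int = 15        # 15-18 characters is the minimum recommended above
    require_upper: bool = True
    require_digit: bool = True
    require_special: bool = True
    history_depth: int = 5      # prior passwords that may not be reused (assumed value)
    max_attempts: int = 5       # failed logins before the account is locked (assumed value)


def hash_password(password: str) -> str:
    """Illustrative digest for history comparison; real systems use bcrypt/argon2."""
    return hashlib.sha256(password.encode()).hexdigest()


def check_password(policy, username, candidate, previous_hashes):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if policy.require_digit and not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if policy.require_special and not any(not c.isalnum() for c in candidate):
        problems.append("no special character")
    if username and username.lower() in candidate.lower():
        problems.append("contains the username")
    # Only the most recent history_depth entries count toward the reuse rule.
    if hash_password(candidate) in previous_hashes[-policy.history_depth:]:
        problems.append(f"reused within the last {policy.history_depth} passwords")
    return problems


@dataclass
class LockoutTracker:
    policy: PasswordPolicy
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def record_failure(self, username):
        """Count a failed attempt; return True once the account is locked."""
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= self.policy.max_attempts:
            self.locked.add(username)
        return username in self.locked

    def record_success(self, username):
        """A successful login on an unlocked account resets the failure counter."""
        self.failures.pop(username, None)
```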
Control Password Complexity And Rotation With Directory-as-a-Service
The goal with the password complexity and rotation functionality is to build strong, unique passwords. Ideally, your users do this on their own, reducing and eliminating risks. All too often, however, human nature leads us to take the path of least resistance. Sometimes it is to the detriment of our identity management security.
If you would like to learn more about how to enable JumpCloud’s Directory-as-a-Service feature for password complexity and rotation, drop us a note. We’d be happy to help you set it up, or check out our Knowledge Base for more information.