Active Directory Password Management: Understanding the Controls, Risks and Gaps

Webinar Registration

Passwords remain integral to security and AD is the center of password authentication for most organizations. In this real training for free session, we will take a comprehensive look at the intersection of passwords and Active Directory. We will look at the controls and security features available in Active Directory and compare that to today’s risks.

Password risks have changed dramatically over time in the AD/Windows world. Some of you may remember the days of L0phtCrack, when backward compatibility with LAN Manager hashing was the Achilles heel of AD. But today the biggest concerns are risks like password spraying and breached passwords.

Another thing that is changing is our beliefs about the best way to manage the human aspect of passwords. In the past we used to view passwords much like encryption keys, stressing entropy and length. This of course ignored the reality that users are humans who are not designed to remember long, random sequences of characters. Well-respected NIST has come out saying that time-honored password controls like complexity and frequent password changes actually increase risk, and it recommends abolishing such policies. On the other hand, compliance requirements like PCI, as well as many written corporate policies, still require old-school password policies. In this webinar, we will look at how to implement whatever policies you are currently required to implement in AD, while also keeping an eye on today’s real risks, which may not be aligned with current mandates.

Here’s a list of AD password topics I will discuss:

  • Domain password policy
  • Fine-grained password policy
  • Lockout policy
  • NTLM authentication protocol settings
  • Settings affecting hashing
  • Password filters
  • Password reset permissions

But there are some important areas of password risk totally unaddressed by Active Directory, and we will discuss these. Primary among these is remediating accounts with breached passwords. For instance, NIST strongly recommends comparing passwords to breached password lists as frequently as possible. I will show you a free tool that does a great job of scanning your AD accounts for breached passwords against a regularly updated list of credentials.

Here's another gap where out-of-the-box AD is really lacking: forgotten password resets. It was decades ago that the industry realized how much calls to the help desk to reset forgotten passwords actually cost. How do you implement self-service password reset that is truly accessible and secure at the same time?

We will discuss this and many other issues relevant to AD and password security in this real training for free event. Specops Software is the perfect sponsor for this session because they have built a product portfolio around comprehensive password management for AD environments. Darren Siegel specializes in password management for Specops customers and will show you a condensed version of Specops product offerings that expand and improve on the gaps in Active Directory’s password security offerings, including Specops Password Policy and Specops uReset.

Please join me for this practical and educational real training for free session.
