Upcoming Events:
Free Global Active Directory Seminar (Barcelona) -> May 16th
Free Global Active Directory Seminar (Lisbon) -> May 17th
Free Global Active Directory Seminar (Madrid) -> May 18th

Three neglected password policy tips that increase security

Most organizations are familiar with the Microsoft password policy and the features it provides. The password policy from Microsoft for Active Directory domains has been the same for over 17 years now. Some organizations have taken the initiative to implement multi-factor authentication, but for most organizations, these technologies are expensive, cumbersome, complex, and require end […]

The top 3 drawbacks to Microsoft password policies

We have all been living with the Microsoft password policy solution for many years now. It has sufficed, for the most part, untill now, due to password security requirements. There are distinct drawbacks with the Microsoft solution that all corporations need to consider to protect themselves against hackers. Even with Microsoft Windows Server 2012 R2, […]

Who said password cracking is dead?

In a recent conference, I was privy to a insightful session on password cracking. No, not pass-the-hash, pass-the-ticket, token manipulation, or other high-tech techniques. Rather, just simple brute force hacks, with some twists. It reinforced what I have been teaching for years, which is that our passwords are nearly worthless. Let me explain. Most organizations […]

Monitoring Password Policy Changes

Strong and consistent password policies are essential for any corporation. Without a solid password policy, attackers have one more avenue to gain access to the network and resources. Windows Active Directory provides an easy way to configure a password policy that will force all Active Directory users to have strong passwords. This password policy is configured […]

Local Administrator Password Solution (LAPS)… A Good Start

After attending the first Microsoft Ignite a few weeks ago, it is no surprise to see security tools and technologies being produced by Microsoft. With Pass-the-hash (PtH) so prevalent, powerful, and nearly impossible to stop, Microsoft is taking large strides to help organizations reduce PtH attacks. Microsoft released the Local Administrator Password Solution (LAPS) on […]