New Microsoft Azure Tool Helps Eliminate Weak and Insecure Passwords
Microsoft released the public preview of the new Azure Active Directory tool, which aims to help network administrators end weak passwords in companies.
Azure Active Directory (Azure AD) is Microsoft’s cloud access and identity management service. It is mainly used by companies to implement single sign-on and multi-factor authentication in their systems, thus increasing corporate protection.
The new tool, called Azure AD Password Protection, is able to prevent the registration by users of the most used passwords in the world and more than a million of their variations. Basically, neither “password” and “s3nh4” will be accepted as passwords on systems where Azure AD Password Protection is enabled.
Every day a summary of the main news in the tech world for you!
In addition, the tool allows network administrators to prevent the registration of certain combinations from being used as passwords, thus preventing employees from using personal commemorative dates as credentials, for example.
Microsoft claims that banning certain passwords on systems is a more effective method of protection than more complex rules for creating credentials, since most of the time users create the words -Passes based on interests and number combinations.
The company also claims that the tool will drastically reduce the risk of hacking, as most criminals try to break into corporate accounts using simple passwords and weak, hoping that some user has not thought about protection.
The only catch is that Azure AD Password Protection is only available to enterprise subscribers of Azure Active Directory, Premium subscription 1.
Password theft on high
Recently, Microsoft has warned that the criminal group Nobelium, responsible for the virtual hijacking (ransomware) attack on SolarWinds, are using password-stealing tactics, either by phishing, token theft or even brute force invasion, to break into companies and gain access to systems.
The Azure AD Password Protection tool was developed with the aim of increasing the security of passwords for corporate users, but other scams, especially those involving social engineering, can still compromise credentials. It is important that corporations train their employees and explain the security risks present on the internet.
Source: ZDNET
