Preventing Pwned and Reused Passwords

Many companies are focusing on improving their security as the pandemic continues and people keep working remotely. But one of the most critical areas of security is often overlooked: passwords.

Weak, reused and pwned passwords have long been a security nightmare for everyone. In this article we look at what they are and how we can improve our passwords and security.

Why prevent password reuse?

One way that cybercriminals compromise environments is by making use of breached password data, which lets them launch password spraying attacks against the environment.

Password spraying involves trying only a few passwords against a large number of end users. In a password spraying attack, cybercriminals often draw on databases of breached passwords, i.e. pwned passwords, and try them against user accounts in your environment.

Detecting whether our Password is Pwned or not

The Have I Been Pwned website, operated by security expert Troy Hunt, is a valuable resource for the security community. Troy Hunt has provided a number of resources on the site that allow organizations to make use of and gain awareness of various security threats.

Using HIBP, organizations can find out whether passwords in their environment have previously been exposed in data breach events.

Troy Hunt provides a freely available HIBP API that software applications can call in real time, to check passwords used across multiple software forms and for many other purposes. Some of the API calls and the information they return include the following:

  • Getting all breaches for an account

  • Getting all breached sites in the system

  • Getting a single breached site

  • Getting all data classes

Protecting against Pwned Passwords

Specops Password Auditor is a free tool currently offered by Specopssoft that provides IT admins with the ability to scan their environment for many different types of password risks.

With Password Auditor, we can find:

  • Blank passwords

  • Breached passwords

  • Identical passwords

  • Expiring passwords

  • Expired passwords

  • Password policies

  • Admin accounts

  • Password not required

  • Password never expires

  • Stale admin accounts
