Although two-thirds of IT professionals believe AI poses a threat to data security, 76% have entered sensitive company information into a generative AI platform. Learn more about the mismatch between security practices and actual habits: https://bitwarden.com/ai-and-cybersecurity-report/
I'm not sure if I'm getting something wrong, but I think #Microsoft #Entra ID #Password Protection is complete rubbish. E.g. when banning weak passwords with the ominous 5-point rule, the results seem to be completely arbitrary.
Microsoft speaks of including commonly used weak or compromised passwords in its global banned password list. But the list isn't based on any external data source, so leaked passwords not leaked by Microsoft are not included 🤡.
This leads to:
Known leaked passwords are accepted. A location name plus a year is accepted. A dictionary word plus a year is accepted!!!
Not sure if this applies only to German dictionary words.
It gets even worse. Reading the documentation, I found "Characters not allowed: Unicode characters". WTF.
Coming back to the weird point system: a banned password is not really banned, it "only" gives you 1 point (and you need five).
This leads to the question: how many points do non-banned words give?
If you think it can't get worse, you're wrong! It looks like each character of a non-banned word gives one point. Meaning "password1234" is an accepted password (1 point for "password" and 1 for each of the 4 digits).
Or a real-life example: the #SolarWinds #SupplyChain attack, which affected Microsoft, US government agencies and countless other organizations worldwide, was caused by a weak FTP server password.
Namely "solarwinds123", which would be accepted by #Entra ID #Password Protection (1 point each for "solar" and "wind", 3 points for the numbers). If "solarwinds" were on the custom banned list, "solarwind1234" would have been enough.
And you can't do anything against it.
I actually hope that the documentation is somewhat wrong and that "123" is not 3 points but 1, as they are consecutive numbers. But this would make it only marginally better (2023
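To make the scoring the thread is arguing about concrete, here is a small model of it. This is an added example, not Microsoft's code and not from the original poster: it follows the publicly documented steps (lowercase the password, apply the substitutions 0→o, 1→l, $→s, @→a, then count one point for every banned term found and one point for every remaining character, with five points required) and leaves out the service's edit-distance-1 fuzzy matching, so the point totals it prints are an approximation. The banned lists are constructed for the illustration, with "solarwinds" standing in for the custom entry mentioned above.

```python
"""Toy model of the Entra ID Password Protection scoring described in the thread.

Added illustration, not Microsoft's implementation. Normalization and the
1-point-per-banned-term / 1-point-per-other-character rule follow Microsoft's
public documentation; fuzzy (edit-distance-1) matching is omitted.
"""

# Documented character substitutions applied before matching.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})

# Constructed stand-ins for the global list and for a tenant's custom list.
GLOBAL_BANNED = {"password", "solar", "wind"}
CUSTOM_BANNED = GLOBAL_BANNED | {"solarwinds"}

THRESHOLD = 5  # points required for the password to be accepted


def normalize(password: str) -> str:
    """Lowercase the password and apply the leetspeak substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def score(password: str, banned=GLOBAL_BANNED, threshold: int = THRESHOLD):
    """Return (points, matched_banned_terms, accepted).

    Scans the normalized password left to right. At each position the
    longest banned term starting there counts as a single point; if none
    starts there, the character itself counts as one point.
    """
    norm = normalize(password)
    terms = sorted(banned, key=lambda t: (-len(t), t))  # longest match first
    points, matched, i = 0, [], 0
    while i < len(norm):
        hit = next((t for t in terms if norm.startswith(t, i)), None)
        if hit:
            matched.append(hit)
            i += len(hit)
        else:
            i += 1
        points += 1
    return points, matched, points >= threshold


if __name__ == "__main__":
    cases = [
        ("password1234", GLOBAL_BANNED),
        ("P@$$w0rd1", GLOBAL_BANNED),      # normalization catches this one
        ("solarwinds123", GLOBAL_BANNED),
        ("solarwinds123", CUSTOM_BANNED),  # custom entry collapses it to 1 point
        ("solarwind1234", CUSTOM_BANNED),  # ...but dropping one letter bypasses it
    ]
    for pw, banned in cases:
        pts, hits, ok = score(pw, banned)
        verdict = "ACCEPTED" if ok else "rejected"
        print(f"{pw:15} {pts} points  banned terms={hits}  {verdict}")
```

Running it shows the effect the thread complains about: a custom "solarwinds" entry rejects "solarwinds123" (one point for the whole term plus three characters), while "solarwind1234" is scored as "solar" + "wind" + four characters and sails through.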
To check if a password was part of a breach https://haveibeenpwned.com/Passwords
(I hesitate to enter real current passwords there, but there is also an API which ensures the secrecy of the password)
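The API the post refers to is the Pwned Passwords range endpoint, which works on k-anonymity: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and receives every suffix in that range with its breach count, so the full hash and the password never leave the machine. The script below is an added example, not from the original post or from Have I Been Pwned; it performs the lookup offline against a constructed response body (the first suffix is the real remainder of SHA-1("password"), the other lines and all counts are made up), and the live-fetch helper is included but not called by default.

```python
"""Offline demonstration of the Have I Been Pwned k-anonymity range lookup.

Added example, not code from the original post. Real endpoint:
GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>
returns lines of the form "<remaining 35 hex chars>:<count>".
"""
import hashlib
import urllib.request
from typing import Optional, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Return the breach count for `suffix` in a range response body, or 0 if absent."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix.upper():
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup: only the 5-character hash prefix is sent to the service."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, range_body: Optional[str] = None) -> int:
    """How many times the password appears in HIBP; pass `range_body` to stay offline."""
    prefix, suffix = sha1_prefix_suffix(password)
    body = range_body if range_body is not None else fetch_range(prefix)
    return count_in_range(suffix, body)


# Constructed response for prefix 5BAA6. Only the first suffix is genuine
# (SHA-1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8); counts are invented.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824
0123456789ABCDEF0123456789ABCDEF012:3
FFEEDDCCBBAA99887766554433221100FFE:1
"""

if __name__ == "__main__":
    for pw in ["password", "correct horse battery staple"]:
        n = pwned_count(pw, SAMPLE_RANGE_5BAA6)
        print(f"{pw!r}: {n} occurrences in the constructed range data")
```

For a real check, call `pwned_count("...")` without the second argument; the only thing on the wire is the five-character prefix, which is shared by hundreds of unrelated hashes, so the service learns nothing about which password was queried.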
🔒 The elderly writing down passwords - good or bad practice? 🤔
We explore this hot topic on episode 308 of the @sharedsecurity Podcast. Whether you're a tech-savvy individual or supporting your elderly loved ones, join the discussion and gain valuable insights!
Do you have your own tips or stories of your experiences with passwords and the elderly? We would love to hear your comments! 🙏
Organizing your vault makes it easy to locate items you need. Join the Bitwarden team this week to learn how to move items into folders for a customized feel. https://bitwarden.com/weekly/
Welp, there go the Dashlane Free people, since they will not provide unlimited passwords and have a 25-password limit. Luckily I don't use Dashlane, but I would immediately transfer all my passwords out of it and then delete my account.
Join us for the upcoming weekly Teams and Enterprise demo covering the end user and admin experience as well as a deeper dive into using linked Custom Fields. https://bitwarden.com/weekly/