Custom Password Blacklisting comes to Active Directory

Administrators can now easily block specific passwords in Active Directory; Password RBL adds customer-specific entries to its massive password blacklist for Windows.

Password RBL adds customer-specific entries to their password blacklisting products that solve the problem of weak passwords that lead to unauthorized access and data breaches.  In addition to stopping nearly 70 million bad password combinations, their newest feature allows subscribers to provide their own banned passwords.  This increases the effectiveness of the solution for each individual subscriber as they can now add entries to their own password blacklist.  This includes passwords known by terminated employees or known to have been shared by users.  Other common passwords that a company may want to ban include passwords based on publicly available company-specific information, such as company name, address, or slogan.  This is the type of information used in password-based attacks.

Bad passwords have plagued businesses for decades.  In the last few years there has been a noticeable increase in reported data breaches because exploiting weak passwords is an easy way for hackers to gain access to business networks.  The 2014 Verizon Data Breach Investigation Report found that 2 out of 3 network breaches exploited weak or stolen credentials.  IT departments have tried to coach users into choosing complex passwords and employed the use of password policies, but this doesn’t solve the problem.  There are millions of bad passwords that meet common policies.  Password policies do, however, annoy end-users with frequently required password changes.  The built-in password policy in Windows is no longer good enough.  Password RBL ensures that end-users choose strong passwords that hackers don’t already know.  And now companies can add their own banned passwords to further customize the service to their needs.  If users are picking strong passwords, then they should be allowed to keep them for longer.  Truly a win-win situation.

Password RBL’s Password Firewall for Windows is extremely lightweight, features an easy wizard-based installation that only needs to be run on Domain Controllers, and doesn’t require end-users or IT staff to learn anything new.  Furthermore, Password Firewall follows the exact same pricing model as direct API access to the Password RBL blacklist and both products can be used simultaneously under the same subscription.

Password RBL, founded in 2013, is a provider of affordable and easy to use password blacklist solution.  The company slogan is “Prevent Bad Passwords Before They Happen” because their solutions prevent the use of bad passwords that hackers user to gain unauthorized access to business networks across the globe.  They consolidate passwords discovered by analysis of hacker tools, running honeypot servers, and scouring the web for published credential databases from data breaches.

Currently, subscriptions to the service start at just $15.00 (USD) per month.