What can you do to fortify your passwords?

It is common for users to have a couple of password choices that they always use whenever they have to create a new password. A subject matter expert at Nord Security says, “We now partly understand why people use easy-to-guess passwords — they simply have too many to remember. So, it’s hardly surprising that people use either very simple passwords or have a few and reuse them for all accounts.”

These easy-to-remember passwords may even check off every box in the password complexity rule list, making them seem impossible to crack. But, the below study shows alarming statistics of how software powered by?artificial intelligence (AI) can guess even complex passwords in seconds.

Cybersecurity firm?Home Security Heroes used PassGAN, an AI password cracker, to test 15.6 million commonly used passwords to determine how long it would take for AI to crack them. The firm found that PassGAN could decode a little over half of all popular passwords in less than a minute. Furthermore, the tool could crack a password of seven characters containing numbers, uppercase letters, and lowercase letters in just 42 seconds.

On the bright side, the study also showed that an eighteen-character password having numbers, uppercase letters,?lowercase letters, and symbols takes PassGAN six quadrillion years to decode. No wonder most password compliance standards urge users to create long passwords.

Apart from password length, there are various other aspects that password regulatory compliance mandates suggest to strengthen passwords. Check out our infographic on password security best practices:

download.manageengine.com/products/self-service-password/world-password-day.pdf

Check out our curated resources on passwords and password security here:

https://www.manageengine.com/products/self-service-password/world-password-day.html?linkedin_article

Are passwords enough to secure identities??

Although significant efforts have been made to enhance password security, passwords are no longer able to withstand the sophisticated attacks employed by modern-day cybercriminals, such as brute-force, dictionary, and social engineering attacks. Password security measures must evolve in tandem with the changing cybersecurity landscape.

By utilizing multi-factor authentication (MFA) alongside passwords, you can close the gap left by security vulnerabilities associated with passwords. With the appropriate authentication methods in place, even if a password is compromised, the remaining MFA methods will prevent any password-related attack. With MFA, you can even remove the need for passwords and the burden of remembering them.

Secure identities better with ADSelfService Plus

ManageEngine ADSelfService Plus provides passwordless authentication, customizable MFA with conditional access, and strong password policies to safeguard identities. The MFA methods and password policy requirements can be personalized for users based on their OU and group memberships. With passwordless authentication, users can be verified using strong authentication methods such as biometrics, TOTPs, and push notifications. Furthermore, with conditional access policies, exclusive MFA rules can be created based on IPs, business hours, and geolocation.

To discover more about ADSelfService Plus' identity security offerings, schedule a free, personalized web demo with a product expert. To try ADSelfService Plus for yourself, download a 30-day, free trial.