Last week the largest known compilation of passwords, dubbed RockYou2021, was leaked on a popular hacker forum. An unbelievable collection of 8.4B passwords, greatly eclipsing similar collections previously posted, is now in the wild. You may want to use the Pwned Passwords website to check whether the passwords you use are exposed.
You may have a “so what?” reaction to yet another dump of passwords, even at this scale. Well, hackers can use password variations with usernames and emails from other breach compilations to mount password dictionary and password spraying attacks. Since most users reuse their passwords, the number of accounts affected in the wake of this leak can potentially reach millions, if not billions. And if you have any doubts about how quickly hackers take advantage of these leaks, recent research shows just how fast hackers test out leaked passwords – within 12 hours!
We advocate multi-factor authentication (MFA) and even passwordless authentication (and we still do!). However, the ugly reality is that many organizations still have simple password authentication in place for some of their legacy systems/apps, and they are stuck administering them. When password resets rely on manual processes, users waste time waiting for the IT help desk to resolve a reset ticket, which costs the employee productivity and, in turn, the organization as a whole. And then there are costs associated with the IT help desk itself. According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labor cost for a single password reset is about $70.
NetIQ Self Service Password Reset (SSPR) is a web-based password management solution that eliminates users’ dependency on IT help desk assistance for changing passwords. SSPR brings higher returns by reducing the cost and workload of the IT help desk and enables them to ensure that all passwords in their organization comply with established best practice policies. Capabilities include:
- SSPR enables a user to securely reset their password or unlock their account by answering a set of secret challenge questions;
- SSPR has the flexibility to easily adapt to an enterprise’s password policy management processes;
- Using REST APIs, SSPR can integrate into ticketing systems like Micro Focus SMAX and ServiceNow to automate and simplify workflows for password changes;
- SSPR's look & feel can be personalized with an organization’s branding (layout, colors, fonts, images, etc.);
- Built-in MFA support and integration with NetIQ Advanced Authentication is also an advantage; and,
- Relevant to password leaks, SSPR can look at a breached password database and only allow users to set a password that’s not in the database.
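The breached-password check in the last capability, sketched as an added example (not SSPR's code or API): a candidate password is hashed with SHA-1, only the first five hex characters are used to select a bucket, and the remaining suffix is matched locally against `SUFFIX:COUNT` lines, the response format of the Pwned Passwords range lookup. The function names, `SAMPLE_CORPUS` and the locally built response are assumptions constructed for the example so that it runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest used to select a bucket


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_response(corpus, prefix):
    """Constructed stand-in for a range response: 'SUFFIX:COUNT' lines for one prefix."""
    counts = {}
    for pw in corpus:
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            suffix = digest[PREFIX_LEN:]
            counts[suffix] = counts.get(suffix, 0) + 1
    lines = [f"{s}:{c}" for s, c in sorted(counts.items())]
    lines.append("0" * 35 + ":0")  # padding-style entry; a count of 0 is not a hit
    return "\r\n".join(lines)


def breach_count(password, fetch_range):
    """Return how often the password appears in the breached set (0 if absent).

    fetch_range(prefix) must return the range response text for that prefix,
    so neither the password nor its full hash leaves this function.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def is_allowed(password, fetch_range, max_seen=0):
    """Password-change policy hook: reject anything seen more than max_seen times."""
    return breach_count(password, fetch_range) <= max_seen


# Constructed sample data standing in for a breached password database.
SAMPLE_CORPUS = ["123456", "password", "password", "qwerty", "letmein"]


def local_fetch(prefix):
    return build_range_response(SAMPLE_CORPUS, prefix)


if __name__ == "__main__":
    for pw in ("password", "qwerty", "constructed-long-passphrase-41"):
        print(pw, "allowed" if is_allowed(pw, local_fetch) else "rejected")
```

In a deployment, `local_fetch` would be replaced by a lookup against the organization's own breached-password store or a range service.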
NetIQ provides security solutions that help organizations with workforce and consumer identity and access management at enterprise-scale. By providing secure access, effective governance, scalable automation, and actionable insight, NetIQ customers can achieve greater confidence in their IT security posture across cloud, mobile, and data platforms.
NetIQ is part of CyberRes, a Micro Focus line of business.