Active Directory Password Blacklisting
Authors: Leeren Chang

Date: August 7 2018
Publication: BSidesLV 2018
Source 1:

Abstract or Summary:
Active Directory remains the most popular corporate solution for organizing devices and users on a network. Central to its responsibilities is providing user authentication and authorization. In particular, password authentication through Active Directory necessitates the use of the strongest defense mechanisms possible. However, the common corporate pattern of enforcing higher complexity passwords by increasing entropy remains an anachronism. This trend of constantly increasing password complexity is not only counterproductive due to its restrictiveness, but is also insecure due to its lack of defense against dictionary-based attacks. With the plethora of attacks centered on brute-forcing and commonly-used passwords, many corporations are falling victim to these attacks despite supposedly strong password enforcement.The solution to these problems is integration of password blacklisting directly into Active Directory, a countermeasure that has yet to reach widespread corporate adoption. This talk will provide a run-down on how corporations can install their own Password Filtering service directly into Active Directory using either in-house solutions or existing ones, and outline why this helps improve overall security and productivity. As an example, I will talk about how Yelp recently deployed this type of solution to improve our authentication flow. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019