Simplify NIST Password Standards with SpyCloud

The latest password guidelines from the National Institute of Standards and Technology (NIST) lighten requirements for users—and increase the burden on security teams, who now need to identify and reset passwords that have been exposed in third-party data breaches.

At SpyCloud, we take the legwork out of aligning with NIST password standards. SpyCloud enables you to check user passwords against the largest repository of stolen credentials in the world, reducing the effort required to comply with NIST and keep your users secure.

 

Understand the Latest NIST Password Guidelines

Breaking away from strict requirements that encourage bad password habits, the most recent NIST password standards strike a balance between human-friendly policies that encourage users to choose strong passwords and strategies to help enterprises mitigate risk.

To get a full picture of why and how the latest NIST guidelines have changed, download our whitepaper.

 

Align with NIST to Protect Your Users from Account Takeover Attacks

When users take shortcuts, criminals benefit. That’s why NIST password standards call for businesses to check for “commonly-used, expected, or compromised” passwords, which make it easy for criminals to take over accounts and commit fraud, drain accounts, and steal sensitive data.

Using the SpyCloud API, security teams can check user passwords against billions of plaintext passwords our research team has recovered from data breaches.

 

Easily Detect Weak or Compromised Passwords

Following NIST’s guidance to monitor user passwords poses a challenge for security teams. With SpyCloud, you can align with NIST password standards by detecting:

  • Exact employee credentials exposed in a third-party breach
  • “Fuzzy” credential matches, meaning a compromised password that has been reused with trivial changes
  • Any password that has appeared in the SpyCloud breach database, regardless of username
  • Dictionary words
  • Repetitive characters
  • Context-specific terms

Respond to Bad Password Hygiene

With hundreds of online accounts to keep track of, it’s no wonder users resort to bad habits like choosing weak passwords or reusing the same password across every account. For security teams, it’s challenging to detect this type of behavior at scale, especially when users recycle their work password with personal usernames and email addresses.

SpyCloud helps by enabling you to check user passwords against our entire repository of stolen credentials, so you can tell if a password has ever appeared in a breach—whether or not your user was involved. When a user chooses a password that has already appeared in our database, like the name of a popular sports team, you can easily take action.

Identify Stolen Passwords Before Criminals Can Use Them

Following NIST guidelines can help organizations mitigate the risk of account takeover, but getting access to exposed passwords early is key. Immediately after a breach, criminals keep stolen credentials within a select group of trusted advisors while they crack passwords and systematically monetize the information. After extracting as much value as possible over the course of 18 to 24 months, they finally allow breach data to leak to the deep and dark web, where it can be picked up by mainstream sources. By that point, the worst damage has already been done.

SpyCloud helps you stay ahead of criminals and align with NIST password standards by gaining access to stolen credentials early in the breach timeline. Unlike scraping and scanning tools that collect data only once it becomes widely available, SpyCloud researchers use proprietary tradecraft to get you access to stolen data as soon as possible after a breach occurs.

Reduce Your Team’s Workload with Automation

Some of NIST’s password guidelines can be enforced easily using built-in features of most directory services. Others create substantial work for IT teams. But busy teams don’t have time to research new breaches as they emerge, make that data actionable, compare it to user credentials, and reset compromised passwords at scale.

SpyCloud makes it easy for you to automate the most challenging aspects of NIST password standards. Read our guide to learn best practices for enforcing NIST requirements, including step-by-step instructions for setting up Active Directory policies.

 

Contact us to test SpyCloud’s NIST password screening