Why your password coverage ought to embody a customized dictionary wordlist

In case your group is like many, your workers could also be counting on weak or simply guessable passwords — and inadvertently rolling out the pink carpet for hackers and cybercriminals within the course of. So how do you cease your employees from leaving the keys to your group’s information and techniques underneath the proverbial doormat? Integrating a customized dictionary into your password coverage must be a part of the answer.

On this publish, we’ll discover customized dictionaries: what they’re, why you may’t afford to disregard them, and the way they match into your cybersecurity technique.

We’ll additionally present examples of the sorts of phrases and phrases your customized dictionary ought to embody and talk about how a instrument like Specops Password Coverage can seamlessly combine these dictionaries into your present Energetic Listing password coverage.

What are customized dictionaries?

Customized dictionaries are specialised lists of phrases, phrases, and character mixtures that finish customers are prohibited from utilizing when creating their passwords. A customized dictionary must be way more than a regular thesaurus; it ought to embody phrases particular to your group, in addition to frequent phrases and phrases related along with your trade.

Primarily, incorporating a customized dictionary into your password coverage offers your group a further layer of protection in opposition to focused credential-based assaults. 

Why are customized dictionaries wanted?

Customized dictionaries are vital for quite a few causes:

• Finish customers create weak or easily-guessed passwords: Even along with your greatest training efforts, people are creatures of behavior — that means many customers will go for easy-to-remember (and subsequently easy-to-guess) passwords. These embody private info (their partner’s identify), frequent phrases (admin, password), or easy variations of banned passwords (qwerty123!). One other tempting and memorable choice is to decide on phrases associated to your particular enterprise or trade.
• Threat of brute pressure/hybrid dictionary assaults: Cybercriminals ceaselessly make use of brute pressure and hybrid dictionary assaults to crack passwords — and if you happen to don’t have a customized dictionary in place, these sorts of assaults may be extraordinarily efficient. For instance, they could add your group’s identify and merchandise to their assault dictionaries, within the hope that at the very least a handful of finish customers have used these phrases of their passwords.
• Social engineering and focused assaults: Cybercriminals can simply collect details about your group and its workers by way of social media and different public sources. Then, they will use this data to create focused phrase lists for his or her password-cracking makes an attempt. Guaranteeing your customized dictionary contains company-specific phrases and customary worker info will help thwart these assaults. 
• Business-specific vulnerabilities: Each trade has its jargon and generally used phrases, and hackers use this data to higher goal their password assaults. Remember to beef up your customized dictionary with trade lingo — it is a easy method so as to add an additional layer of safety to your password coverage.

How is your group’s general Energetic Listing password well being? Discover out now with a free, read-only test with Specops Password Auditor. 

Customized dictionary examples

To raised perceive the idea of customized dictionaries, think about that you just deal with IT for the Mid Cheshire NHS Basis Belief – a regional healthcare basis who reached out to Specops to assist strengthen their password safety. As you’re creating customized dictionaries to your group, you’d wish to embody phrases and phrases like: 

Business phrases

As in different industries, healthcare professionals typically default to trade jargon when creating passwords. To raised shield your group, you’d wish to guarantee your customized dictionary included phrases that an attacker accustomed to the healthcare sector would possibly attempt first. Examples embody:

• NHS (Nationwide Well being Service)
• A&E (Accident and Emergency)
• Triage
• Outpatient
• Inpatient

Group-specific phrases

Phrases distinctive to your group can be among the many first guesses for anybody focusing on it particularly. To scale back the danger of those focused assaults, make sure that your customized dictionary prevents their use in passwords. Examples embody:

• Mid Chesire
• NE (acronym)
• Basis belief
• Ward names (e.g., Nightingale, Florence)
• Division names (e.g., Radiology, Pathology)
• Hospital constructing names (e.g., Victoria Wing)

Widespread password patterns

Along with trade and organization-specific phrases, you wish to forestall customers from counting on frequent, simply guessable codecs. Prohibiting customers from following frequent password patterns will pressure them to create distinctive passwords. Examples embody:

• NHS2024!
• Welcome123!
• ChangeMe1!
• NurseRN2024
• Dr[Lastname]2024

Specops Password Coverage makes customized dictionaries straightforward

Integrating customized dictionaries into your password insurance policies will assist improve your group’s safety, holding your customers, information, and techniques secure. However what’s one of the simplest ways to make that occur? For many organizations, a instrument like Specops Password Coverage is your greatest wager.

With Specops Password Coverage, you may simply create and import tailor-made lists of prohibited passwords, seamlessly integrating them into your Energetic Listing atmosphere. 

Combining your customized dictionaries with Specops’ breached password safety characteristic — which scans your Energetic Listing for over 4 billion recognized compromised passwords — lets you mount a strong protection in opposition to dictionary assaults and password reuse.

These instruments will permit you to improve your group’s Energetic Listing password safety, cut back danger of safety breach, and guarantee you might be assembly compliance with trade requirements.

Able to make your group safer by including a customized dictionary and banishing over 4 billion+ compromised passwords?  

Attempt Specops Password Coverage at no cost. 

Sponsored and written by Specops Software program.