Industry Insights with Josh Horwitz

Access Management , Account Takeover Fraud , Fraud Management & Cybercrime

Introducing Continuous Password Protection for Active Directory

The Industry's 1st Active Directory Plugin That Helps Organizations Prevent Use of Compromised Passwords According to NIST 800-63b Guidelines
Introducing Continuous Password Protection for Active Directory

Passwords remain the primary method for protecting employee accounts yet passwords also continue to be a major threat vector to businesses and organizations year-after-year because of use of unsafe credentials. According to Verizon's 2019 Data Breach Investigations Report, 29% of the breaches studied involved the use of stolen credentials.

And in a recent study by OneLogin, 92% of companies in the US and 95% of companies in the UK, feel secure with current password protection methods, yet the majority do not screen passwords against commonly used passwords.

  • 35.3% in the US check against common password lists
  • 33.7% in the UK check against common password lists

With widespread use of Active Directory across industries and organizations of all sizes, it is frequently a target for bad actors who can use a cracking dictionary or exposed credentials to gain unauthorized access to an employee's account. Because of employee password reuse across different accounts, password screening is a critical part of an organizations cybersecurity policy.

But common and dictionary passwords represent only a small percentage of vulnerable passwords and don't account for the ever-evolving cracking dictionaries used by hackers. Furthermore, screening as part of a security audit isn't enough.

What Can be Done?

Passwords need to be checked both at creation and on a continuous basis. Checking at password setup or reset is essential to ensure unsafe passwords aren't being created. Checking on a continuous basis is also essential because a password that was safe yesterday, may not be safe today.

To assist in obstructing cybercriminals from accessing employee and organizational accounts, Enzoic for Active Directory can help fulfill NIST 800-63b requirements for real-time blocking of unsafe passwords both at set-up and provide continuous monitoring of those same passwords to ensure they don't become vulnerable later.

The service gives organizations new ammunition in the ongoing fight against the use of compromised passwords. It helps organizations protect against this threat by screening users' passwords against its proprietary database of compromised credentials, a continuously updated catalogue obtained using dedicated threat research and advanced automation technologies.

Introducing Continuous Password Protection

Continuous Password Protection, a new feature in Enzoic for Active Directory 2.0, automatically triggers a response if a password becomes vulnerable. This capability enables Active Directory administrators to automate the effort in satisfying NIST 800-63bB. If an unsafe password is detected, automated notification and follow up action is triggered - ranging from prompting the user to change their password upon the next login to instantly disabling the account, depending upon the organizations' policies.

To date, much of the password security surrounding Active Directory has focused on complexity rules and forced periodic or quarterly password resets. These practices frustrate users and research has shown them to be ineffectual, as people tend to create much weaker passwords when faced with greater complexity requirements and forced password resets.

Enzoic for Active Directory removes those burdens while simultaneously strengthening security. By screening passwords both at their creation and monitoring them on a daily basis, we're giving our customers a leg up in their battle against unauthorized account access.

NIST 800-63b

Enzoic for Active Directory 2.0 also aids in compliance with NIST 800-63b in the following ways:

  • Screening passwords against a list of commonly used passwords, passwords in cracking dictionaries, or compromised passwords
  • Password checks are performed when passwords are being created and continue to be performed daily on an ongoing basis against a live database, not a static list
  • If a compromised password is detected at creation or during monitoring, an immediate response is triggered
  • By continuously monitoring for the use of compromised credentials, organizations can stop enforcing periodic or quarterly password resets, meaning that users only need to change their password if it is compromised

For more on Enzoic for Active Directory, please visit: or sign up for a free trial at:

About the Author

Josh Horwitz

Josh Horwitz

Chief Operating Officer, Enzoic

Horwitz is an enterprise software executive and entrepreneur with over 25 years experience. He was the founder of the cloud-based, enterprise customer-marketing platform, Boulder Logic, whose clients included Microsoft, Siemens, Dell, and CSC. He grew the company as CEO over 46 consecutive profitable quarters and ultimately lead the company's exit in 2015. Prior to founding his company, Horwitz held senior technology and sales positions with both start-ups and Fortune 500 companies, including IBM where he developed marketing programs to help build Lotus Domino to over 40 million users. He is currently advising start-ups, non-profits, and social enterprises.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.