Wave Systems Corp. (fka WAVXQ)

[Genz2]

Azure AD Password Protection Available, Lowers Spray Attack Risks

https://www.bleepingcomputer.com/news/security/azure-ad-password-protection-available-lowers-spray-attack-risks/

The Azure Active Directory (AD) Password Protection feature which blocks commonly used and compromised passwords to dramatically reduce the risks raised by password spray attacks is now generally available.

While already in public preview since June 2018, Azure AD Password Protection now allows all admins to prevent users of cloud and hybrid environments from picking passwords which are easily guessable or known to have been included in recent data breaches, thus making it a lot harder for malicious actors to abuse them with password spray attacks.

As detailed in the initial blog post describing the feature when it was first launched in public preview, Azure AD Password Protection allows administrators to:

•Protect accounts in Azure AD and Windows Server Active Directory by preventing users from using passwords from a list of more than 500 of the most commonly used passwords, plus over 1 million character substitution variations of those passwords.
•Manage Azure AD Password Protection for Azure AD and on-premises Windows Server Active Directory from a unified admin experience in the Azure Active Directory portal.
•Customize your Azure AD smart lockout settings and specify a list of additional company-specific passwords to block.

As further explained by the Microsoft Identity Division's Corporate VP of Program Management Alex Simons, Azure will "regularly updates the database of banned passwords by learning from billions of authentications and analysis of leaked credentials across the web. By checking all the password set or reset operations for your organization, password protection ensures that only passwords meeting your, and our, standards exist in your directory."

Azure AD Password Protection now also comes with an updated banned passwords algorithm, and it will take into account both custom password lists and the lists provided by Microsoft via Azure AD making it possible to block an ever-increasing range of blacklisted passwords.

When users will try to change their password to one from the global and custom banned password lists, they will see the following error: "Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password."

To get started with Azure AD Passwords Protection, users have to sign-in to Azure Portal using a global administrator account, navigate to the Azure Active Directory, and then to the Authentication methods blade, which will display the password Password protection as shown in the screenshot above.

Also, to be able to use the new Azure AD Password Protection feature with Windows Server Active Directory, one has to "download the agents from the download center and use the instructions in the Password Protection deployment guide."

After being toggled on by a global administrator, the Windows Server Active Directory Password Protection setup process can be finished by security admins for both Active Directory forests and proxy agents.
==================================================================
Using Wave VSC 2.0 would be easier and more effective. There wouldn't be problems of changing passwords against a huge list since the second factor of authentication (TPM) would be protection with the PIN. Wave VSC 2.0 is easier and better security than AD Password Protection, and of course, offers many other interesting features that are listed at the link below.
==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

What can it be used for?

What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.