In 2016 the Verizon Data Breach Investigations Report (DBIR) stated that 63% of confirmed data breaches leverage a weak, default, or stolen password. The 2017 Verizon DBIR reported that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. And in the 2018 DBIR, use of stolen credentials remains a number one action in breaches. Attackers have demonstrated a consist ability to compromise accounts by leveraging passwords from prior breaches. For that reason, NIST Special Publication 800-63B (Authentication and Lifecycle Management, section 18.104.22.168*) recommends the use of “Memorized Secret Verifiers” such as the StealthINTERCEPT Enterprise Password Enforcer to reduce an attacker’s chances of compromising credentials.
StealthINTERCEPT 5.2 expands on the capabilities of STEALTHbits Enterprise Password Enforcer to include:
Custom complexity - the ability to reject specific passwords that do not contain the characters from a set list. This is configurable on both the numeric and character level. Curated dictionary - the ability to reject passwords based on the fact that they are vulnerable to attack from a dictionary or hybrid cracking algorithm.