Deploying a password strengthening tool and supporting resource for a FTSE 250 client

About the project
Project type: Penetration and Red Team testing
Client: FTSE 250 Asset Manager

Following a “penetration test” (in which a company hires ethical hackers to attempt to break through its defences), our client had established that hundreds of its users were able to enter its systems by using “password123” as their password. The attack also identified that there were hundreds of thousands of failed login attempts registered on the same day.

The issue had arisen because of two factors: 

  1. The help desk process for users who had forgotten their password was to change it to “password123”; and
  2. Security settings had not been updated to require users to then change that password the first time that they logged on with it.

Working with our client, we deployed a password strengthening tool which allowed the organisation to align the password settings with security policy requirements. This forced users to have a password which met accepted complexity standards. 

However, the mandatory complexity of the passwords meant that the IT function was resistant to the change, as it was more likely that users would get their passwords wrong and need to call the help desk.

To help alleviate this pressure, we provided backfill resources to the help desk and sent clear user communications on how to work more effectively with passwords so as not to experience frustration while maintaining security.

To further embed good password habits, we followed this up with a tailored user training effort to show how easy it is to break weak passwords using password crackers and social engineering attacks. 

As many clients hold significant amounts of personal data, they must also ensure that their own confidential information and their customers’ personal information are protected. If you would like our help to identify deficiencies in your defences, then please get in touch with us at info@three-two-four.com or by phoning +44 203 603 4733.
