Password authentication-Describe security, compliance, privacy, and trust in Microsoft 365

A password is something you know, and this has been the standard means of authenticating users’ identities for many years. Password authentication costs nothing to implement, and it can be relatively secure. However, there are many possible flaws in the password authentication model. For example, passwords can be forgotten, shared, written down, easily guessed, or overly simple.

Administrators can create policies that specify rules for creating and maintaining passwords to prevent users from creating passwords that provide too little security. Operating systems and directory services, such as Entra ID and AD DS, include tools that administrators can use to create and enforce such policies.

In Entra ID, user accounts are subject to the following password policies:

  • Characters allowed Specifies the characters that users may use when creating passwords, including upper- and lowercase alphabetical characters, numbers, blank spaces, and most symbols.
  • Password restrictions Specifies that passwords must have from 8 to 256 characters and contain three of the following four character types: uppercase, lowercase, number, and symbol.
  • Password expiry duration Specifies that passwords expire in 90 days by default. The value can be modified using the Set-MsolUser PowerShell cmdlet.
  • Password expiry notification Specifies that the user will receive a password expiration notification 14 days before the password is set to expire. The value can be modified using the Set-MsolPasswordPolicy PowerShell cmdlet.
  • Password expiry Specifies a default value of False, indicating that the password will expire after the Passwords expiry duration interval. The value can be modified using the Set-MsolUser PowerShell cmdlet.
  • Password change history Specifies that users cannot reuse the same password when changing passwords.
  • Password reset history Specifies that users can reuse the same password when resetting a forgotten password.
  • Account lockout Causes users to be locked out of their accounts for one minute after 10 unsuccessful but unique sign-in attempts. Additional unsuccessful attempts result in longer lockout intervals.

In AD DS, administrators can configure password settings using Group Policy. The available settings have slightly different names, but their functions are essentially the same.

These password policies are designed to prevent users from creating overly simple passwords for convenience, but password security is difficult for administrators to enforce. Users can still create passwords that would be easy for attackers to guess by using their children’s names and birthdays, for example. There is also no software setting that can prevent users from writing their passwords down or sharing them with their coworkers.

As threats to network security become ever more severe, administrators have sought ways to enhance the security of the authentication process. Alternative authentication methods have been available for many years, which could conceivably augment or replace passwords, but until recently, these technologies were too expensive or inconvenient to be practical for the average user base. The increased need for identity protection has brought these authentication technologies to a wider market, resulting in lower prices. And the need is constantly increasing. Microsoft 365 includes the ability to enhance the authentication process’s security in various ways.

Multifactor authentication

Multifactor authentication is a procedure in which users prove their identities in two or more ways. Typically, in addition to a password—something you know—users must supply a different authentication factor: something you are or something you have.

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.