Article Details
Scrape Timestamp (UTC): 2024-10-03 14:02:39.004
Original Article Text
Why your password policy should include a custom dictionary

If your organization is like many, your employees may be relying on weak or easily guessable passwords — and inadvertently rolling out the red carpet for hackers and cybercriminals in the process. So how do you stop your staff from leaving the keys to your organization's data and systems under the proverbial doormat? Integrating a custom dictionary into your password policy should be part of the solution.

In this post, we'll explore custom dictionaries: what they are, why you can't afford to ignore them, and how they fit into your cybersecurity strategy. We'll also provide examples of the kinds of words and terms your custom dictionary should include and discuss how a tool like Specops Password Policy can seamlessly integrate these dictionaries into your existing Active Directory password policy.

What are custom dictionaries?

Custom dictionaries are specialized lists of words, phrases, and character combinations that end users are prohibited from using when creating their passwords. A custom dictionary should be much more than a standard word list; it should include terms specific to your organization, as well as common words and phrases associated with your industry. Essentially, incorporating a custom dictionary into your password policy gives your organization an additional layer of defense against targeted credential-based attacks.

Why are custom dictionaries needed?

Custom dictionaries are important for numerous reasons:

How is your organization’s overall Active Directory password health? Find out now with a free, read-only check with Specops Password Auditor.

Custom dictionary examples

To better understand the concept of custom dictionaries, imagine that you handle IT for the Mid Cheshire NHS Foundation Trust – a regional healthcare foundation who reached out to Specops to help strengthen their password security.
As you’re creating custom dictionaries for your organization, you’d want to include words and terms like:

Industry terms

As in other industries, healthcare professionals often default to industry jargon when creating passwords. To better protect your organization, you’d want to ensure your custom dictionary included terms that an attacker familiar with the healthcare sector might try first. Examples include:

Organization-specific terms

Terms unique to your organization would be among the first guesses for anyone targeting it specifically. To reduce the risk of these targeted attacks, ensure that your custom dictionary prevents their use in passwords. Examples include:

Common password patterns

In addition to industry and organization-specific terms, you want to prevent users from relying on common, easily guessable formats. Prohibiting users from following common password patterns will force them to create unique passwords. Examples include:

Specops Password Policy makes custom dictionaries easy

Integrating custom dictionaries into your password policies will help enhance your organization’s security, keeping your users, data, and systems safe. But what’s the best way to make that happen? For most organizations, a tool like Specops Password Policy is your best bet.

With Specops Password Policy, you can easily create and import tailored lists of prohibited passwords, seamlessly integrating them into your Active Directory environment. Combining your custom dictionaries with Specops' breached password protection feature — which scans your Active Directory for over four billion known compromised passwords — allows you to mount a powerful defense against dictionary attacks and password reuse. These tools will allow you to enhance your organization’s Active Directory password security, reduce the risk of a security breach, and ensure you comply with industry standards.
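The dictionary check described in the sections above, sketched as an added example; it is not code from the article and does not reproduce how Specops Password Policy matches terms. The dictionary entries, the organization name "examplehealth", the substitution table and the substring/reversed matching rules are all assumptions chosen for illustration.

```python
import re

# Constructed sample dictionary for a hypothetical healthcare organization
# ("examplehealth"); the terms are illustrative, not taken from the article.
CUSTOM_DICTIONARY = {"hospital", "nurse", "patient",
                     "examplehealth", "welcome", "password"}

# Assumed character substitutions users commonly make (not a product rule set).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s",
                               "!": "i"})

MIN_TERM_LEN = 4  # skip very short terms: substring matching would over-block


def letters_only(text):
    """Keep only a-z so digits and symbols used as padding are ignored."""
    return re.sub(r"[^a-z]", "", text)


def normalize(password):
    """Lower-case the password and undo the assumed substitutions."""
    return letters_only(password.lower().translate(SUBSTITUTIONS))


def banned_terms(password, dictionary=CUSTOM_DICTIONARY):
    """Return the sorted dictionary terms found in the password.

    Two views of the password are checked: one with substitutions undone
    ("H0sp1t@l" -> "hospital") and one with digits simply dropped, so that
    padding such as "nurse2024" is not mistranslated into letters. Each view
    is also checked reversed ("tneitap" -> "patient").
    """
    views = {normalize(password), letters_only(password.lower())}
    hits = set()
    for term in dictionary:
        if len(term) < MIN_TERM_LEN:
            continue
        if any(term in view or term in view[::-1] for view in views):
            hits.add(term)
    return sorted(hits)


def is_allowed(password, dictionary=CUSTOM_DICTIONARY):
    """True when the password contains no term from the custom dictionary."""
    return not banned_terms(password, dictionary)
```

Substring matching is deliberately strict: it rejects a passphrase that merely contains a listed term, so the minimum term length and the dictionary contents need tuning against real user behaviour.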
Ready to make your organization more secure by adding a custom dictionary and banishing over four billion compromised passwords? Try Specops Password Policy for free.

Sponsored and written by Specops Software.
Daily Brief Summary
Weak or predictable passwords significantly increase the risk of cyberattacks, making a robust password policy essential for organizational security.
Custom dictionaries prevent users from creating passwords with commonly used or easily guessable words, phrases, and patterns specific to an organization or industry.
By integrating a custom dictionary, organizations can safeguard themselves against targeted credential-based attacks and enhance overall cybersecurity posture.
Specops Password Policy enables easy integration of custom dictionaries into Active Directory environments, improving password security.
Combining custom dictionaries with breached password protection, which checks against over four billion known compromised passwords, further secures password integrity.
Implementing such measures is crucial for compliance with industry standards and reducing the risk of security breaches.