
ExchangeDefender Introduces Password Vault

It’s my pleasure to introduce you to the most significant expansion of ExchangeDefender Security services in years: ExchangeDefender Password Vault. We have designed a user-friendly product that delivers military grade encryption, provides a layered authentication model, and ties into your business process for sharing and auditing – completely free for all ExchangeDefender Pro clients.

As explained in an earlier post, the task of securing a business or any other organization is getting more complex, with a new variety of hack attempts as well as an increasing demand from regulatory compliance standards that touch virtually every business in the world. It is no wonder that overwhelmed workers typically use the same password, that they rarely change it, and that storage of those passwords is negligent for the sole reason that “it works” and doesn’t create additional complexity. Unfortunately, that convenience leads to security compromises.

At ExchangeDefender, our mission is to keep you secure, and we’ve taken every advantage we get with Wrkoo to bring you a password solution that not only keeps you secure but helps you work better, smarter, and more efficiently. And, yes, we’ve made it free. You can expect to pay $50/user/year for consumer level protection and well over $100/user/year for business level password management – and we’ve made it free for a very simple reason. If you get compromised and hacked because Excel/SharePoint/Word “works”, your odds of staying in business are virtually zero (and our revenues depend on you staying in business). So yes, we’re highly motivated to keep you secure.

Getting started with ExchangeDefender and Password Vault is super simple: Log in to https://admin.exchangedefender.com as you usually do to manage your SPAM and click on Quick Launch > Password Vault.

From there you will be redirected to your organization’s Wrkoo portal. The first step will be to create a master password to protect the vault and encrypt the keys needed to unlock your passwords. Literally everything is encrypted, end-to-end, so you’ll want to pick something you can remember. Just don’t write it down on a Post-it.

The system will then walk you through setting up your first password. This is also exceptionally simple:
Set up your first password.

Wrkoo and ExchangeDefender already provide enterprise-grade one-time password / multi-factor authentication, but if you really want to lock things down there is a second level of authentication that can be enabled – turning either your cell phone or email address into an additional authentication device.

Congratulations, it took five (5) clicks for you to take advantage of an enterprise password management solution with military grade encryption that nobody but you can get into. Here is what it looks like live:

This is the initial release and it allows you to create new passwords and perform usual maintenance and audit steps, but we’ve made certain to start implementing business intelligence immediately. You will know when the password was created, and when it was updated. The system will also let you know when the password should expire – so you can handle password resets and updates on important sites at your own schedule and pace – not when you really need to get into your checking account or loyalty card or reservation that forces you through the dreaded password reset process.

We’re busy at work with additional business features such as sharing, team lock boxes, audits, dark web searches, and tons of other functions. But what we have available right now – for free – is so important and so powerful that I am ending this blog post right now and begging you to go get enrolled and started with Password Vault right now. Let’s go to https://admin.exchangedefender.com

ExchangeDefender has been SMB friendly – to a fault, but the era of terrible passwords and plain text passwords is finally over. Not a single piece of ExchangeDefender stores (or offers) user credentials in plain text anymore. We’ve made the transition exceptionally smooth as well, requiring no changes or IT intervention at all.

But we cannot encourage it enough. And over the next year you will see us introduce several features meant to help you lock down ExchangeDefender and use it to lock down your overall IT security strategy. We’re happy to introduce password age configuration that allows you to force users to reset their passwords automatically.

This setting can be accessed from the Domain Administrator > Policies > Features section of admin.exchangedefender.com

When the password is older than your preset number of days (by default, 90) the user will see an ugly red notice telling them to update their password.

If you set the password expiration to 0 days, you will turn this feature off entirely, but we cannot discourage that strongly enough. The feature is there to help your users avoid having their accounts compromised.

If you implement some of these stronger security features, we’ve also got you covered when it comes to minimizing account management – users can reset their password at any time if they have their PIN on them. So even if their mail server is down, having their PIN handy will let them reset the password without additional authentication. Forgot your PIN? No problem, we can email you a reset link to a known email address.

As you can tell, ExchangeDefender will go the extra step of helping your users configure a strong password. It will also keep memory of recent passwords so that they can’t just rotate it back and forth between the same two passwords they use elsewhere.

As you’ve seen with mass password resets, access to advanced access logging, known trusted devices and IP restrictions, we are adding more and more of our enterprise features to the ExchangeDefender Pro product.

To hear about all these new security features in more detail, please check out the webinar that covers our current security portfolio and how these features make sense.

Password Policies

You’ve seen us blog endlessly about improved security that is being rolled out with all the brand new features across our entire product and service portfolio. Trust us, this is not a simple process of just changing the password complexity requirements: people hate password changes and for the most part have become predictable in what their current and next password will be. Add to it the fact that almost everyone uses the exact same password all over the web and not a single day passes by without at least one major provider having a data breach. Sometimes it becomes comical – even LifeLock had a security issue today where they exposed a bunch of data and had to take their site offline!

So passwords suck and, short of using our One Time Password / Two Factor Authentication service, it’s going to remain that way. The cool thing about ExchangeDefender, and all of our services, is that we’re going to help you better manage security and password expiration so that your users and services can remain protected and still user friendly.

New password policy at ExchangeDefender, for all of our services going forward, will be a required mixture of upper case, lower case, numbers and special characters with minimum length of 9 characters.
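The rules described on this page (the complexity mix and 9-character minimum, the memory of recent passwords, and the 90-day age with 0 meaning "off") can be expressed as the following Python. This is an added example, not ExchangeDefender's code: the function names, the use of ASCII punctuation as the "special character" set, and salted PBKDF2 records for the password history are all assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

# Values from the page: 9-character minimum, 90-day default age, 0 disables expiry.
MIN_LENGTH = 9
DEFAULT_MAX_AGE_DAYS = 90
PBKDF2_ITERATIONS = 600_000  # assumed work factor, not stated on the page


def complexity_failures(password):
    """Return the names of the policy rules the candidate fails."""
    checks = {
        "length": len(password) >= MIN_LENGTH,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),  # assumed set
    }
    return [name for name, ok in checks.items() if not ok]


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Build a history record (salt, iterations, digest); no plain text is kept."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def reused(password, history):
    """True if the candidate matches any record in the recent-password history."""
    for salt, iterations, digest in history:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        if hmac.compare_digest(candidate, digest):  # constant-time comparison
            return True
    return False


def is_expired(changed_at, now, max_age_days=DEFAULT_MAX_AGE_DAYS):
    """True once the password is older than max_age_days; 0 turns expiry off."""
    if max_age_days == 0:
        return False
    return now - changed_at > timedelta(days=max_age_days)
```

Because each history record carries its own salt, the reuse check has to re-derive the candidate once per stored record, which is why history depth is normally kept small.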

That is just the beginning. Some services will require a transparent OTP/2FA using your email address or cell phone as an additional real-time identity verification process. If you are about to make a large-scale change, we want to make sure it’s you and not just someone that got your password. Calling in will now require PIN or txt verification as will any service request changes – the cool thing is, if you can provide us with that information we can do just about everything you want or need through phone and chat.

The reality of security on the web is that it’s as weak as the laziest user – and it only takes one careless one to mess up the entire organization. We are on your side, we are on your team – that’s why you hire ExchangeDefender – so we’re stepping things up in terms of support and management functionality to help identify, train, and assist users when they run into an issue. Passwords and password changes may continue to suck until the end of time – but we are currently making huge changes in the way we handle support in order to help our partners and CIOs become more productive by letting us both better secure and support users.