Anti-phishing solution supplier KnowBe4 has publicized a vulnerable PIN check device that can be utilized by organizations to evaluate threats linked to the usage of vulnerable PINs.
Vulnerable PINs are often cited as among the main methods used by cybercriminals to access business networks. Vulnerable PINs can be easily predicted and provide little opposition to brute force attacks. The latest study carried out by Verizon indicated that 81% of hacking linked data breaches were carried out by using vulnerable PINs.
KnowBe4 Chief Executive Officer, Stu Sjouwerman, clarified that “Using a vulnerable PIN is an open-door offer to cybercriminals.”
Although it’s common knowledge that strong PINs must be used to safeguard accounts, end users often disregard advice and select easy to remember PINs.
IT security experts are well conscious that workers often select their PINs poorly. Therefore password policies are introduced to avoid vulnerable PINs from being used. Nevertheless, password policies aren’t always applicable.
The new vulnerable PIN check tool lets IT security experts to conduct a test to identify whether any vulnerable PINs have been chosen by end users. The vulnerable PIN test device checks for accounts that don’t have password authentication, blank passwords, passwords used on several accounts, dictionary words, common passwords, and passwords that never expire.
The vulnerable PIN test device also checks for accounts which use a LAN Manager hash for stowed passwords, Kerberos DES-Only accounts, missing AES keys and accounts that don’t encrypt authentication requests.
KnowBe4’s vulnerable PIN test device has been made available free of cost for companies that use Active Directory. The device can be used to locally evaluate a company for password-related weaknesses. To make sure that security isn’t compromised, the device doesn’t detail any vulnerable PINs that it discovers. The device only informs on the accounts that have vulnerable PINs set.
“KnowBe4’s announcement of vulnerable PIN Test furthers our task to enable IT experts with proactive devices to discover dangers and train their users to have safety top of mind,” said Sjouwerman. “Vulnerable PIN Test makes it easy and quick to identify vulnerable PINs so IT executives can take effective action quickly.”