Set and enforce secure password policies for accounts.
Techniques Addressed by Mitigation

| Domain | ID | Name | Description |
|---|---|---|---|
| | | | Refer to NIST guidelines when creating password policies. |
| | | | Ensure that local administrator accounts have complex, unique passwords across all systems on the network. |
| Enterprise | T1503 | Credentials from Web Browsers | Organizations may want to weigh the risk of storing credentials in web browsers. If browser credential disclosure is a significant concern, technical controls, policy, and user training can be used to prevent credentials from being stored in browsers. |
| Enterprise | T1081 | Credentials in Files | Establish an organizational policy that prohibits password storage in files. |
| Enterprise | T1214 | Credentials in Registry | Do not store credentials within the Registry. |
| | | | Use strong passwords so that credential hashes are harder to crack if they are obtained. |
| | | | Ensure strong password length (ideally 25+ characters) and complexity for service accounts, and that these passwords expire periodically. Also consider using Group Managed Service Accounts or a third-party product such as password vaulting. |
| | | | The password for the user's login keychain can be changed so that it differs from the user's login password. This raises the bar for an adversary, who then needs to know an additional password. |
| Enterprise | T1075 | Pass the Hash | Ensure that built-in and created local administrator accounts have complex, unique passwords. |
| Enterprise | T1097 | Pass the Ticket | Ensure that local administrator accounts have complex, unique passwords. |
| Enterprise | T1201 | Password Policy Discovery | Ensure only valid password filters are registered. Filter DLLs must be present in Windows installation directory ( |
| | | | Use strong passphrases for private keys to make cracking difficult. |
| | | | Ensure SSH key pairs have strong passphrases and refrain from using key-store technologies such as ssh-agent unless they are properly protected. |
| | | | Verify that account credentials that may be used to access deployment systems are unique and not used throughout the enterprise network. |
| Enterprise | T1537 | Transfer Data to Cloud Account | Consider rotating access keys within a certain number of days to reduce the effectiveness of stolen credentials. |
| | | | Default usernames and passwords on applications and appliances should be changed immediately after installation and before deployment to a production environment. Where possible, applications that use SSH keys should have those keys rotated periodically and properly secured. Ensure that local administrator accounts have complex, unique passwords across all systems on the network. |
| | | | In cloud environments, consider rotating access keys within a certain number of days to reduce the effectiveness of stolen credentials. |
| Enterprise | T1077 | Windows Admin Shares | Do not reuse local administrator account passwords across systems. Ensure password complexity and uniqueness so that the passwords cannot be cracked or guessed. |
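The row that points to NIST guidelines and the row recommending 25+ character service-account passwords both describe checks that can be enforced at the moment a password is set. The Python below is an added example, not code from the ATT&CK page or from NIST; it assumes the SP 800-63B rules for user-chosen memorized secrets (a minimum of 8 characters, screening against a compromised-password blocklist, rejection of context-specific words and of repetitive or sequential runs, and no composition rules) and applies the 25-character floor from the service-account row. The blocklist, account names and sample passwords are constructed data.

```python
"""Password-policy check modelled on NIST SP 800-63B (added example, not code
from the ATT&CK page). Assumed rules: user-chosen secrets need at least 8
characters, service-account secrets at least 25 (the table's own floor), no
composition rules, and rejection when the secret appears in a compromised-
password blocklist, contains the account name, or holds a repetitive or
sequential run of characters."""

import unicodedata

USER_MIN_LEN = 8        # SP 800-63B minimum for memorized secrets
SERVICE_MIN_LEN = 25    # floor recommended for service accounts in the table
RUN_LENGTH = 4          # length at which a run like "aaaa" or "abcd" is rejected

# Constructed stand-in for a breached/common-password corpus (lower-case entries).
BLOCKLIST = {"password", "password1", "123456", "qwerty", "welcome1", "letmein"}


def _normalize(secret: str) -> str:
    """Apply NFKC so visually identical Unicode forms compare and count equally."""
    return unicodedata.normalize("NFKC", secret)


def _find_run(s: str, n: int = RUN_LENGTH):
    """Return the first window of n identical or consecutive characters, else None."""
    for i in range(len(s) - n + 1):
        window = s[i:i + n]
        deltas = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if deltas in ({0}, {1}, {-1}):
            return window
    return None


def evaluate_password(secret: str, account: str, service_account: bool = False) -> list:
    """Return the list of policy violations; an empty list means the secret is acceptable."""
    s = _normalize(secret)
    lowered = s.lower()
    problems = []

    floor = SERVICE_MIN_LEN if service_account else USER_MIN_LEN
    if len(s) < floor:
        problems.append(f"shorter than {floor} characters")

    # Screening against known-compromised values replaces composition rules.
    if lowered in BLOCKLIST:
        problems.append("found in the compromised-password blocklist")

    # Context-specific words: the account name must not appear in the secret.
    if len(account) >= 3 and account.lower() in lowered:
        problems.append("contains the account name")

    run = _find_run(s)
    if run is not None:
        problems.append(f"contains a repetitive or sequential run '{run}'")

    return problems


if __name__ == "__main__":
    for secret, account, svc in [
        ("correct horse battery staple", "alice", False),
        ("Password1", "bob", False),
        ("Tr0ub4dor&3", "svc-backup", True),
    ]:
        verdict = evaluate_password(secret, account, svc)
        print(f"{account}: {'ok' if not verdict else '; '.join(verdict)}")
```

In production the blocklist would be a large corpus or a k-anonymity lookup against a breach service rather than an in-memory set, and the same function would sit behind both the self-service password change flow and the service-account provisioning path so the two floors are applied consistently.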
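Two rows recommend rotating cloud access keys within a fixed number of days; the audit behind that recommendation is simply whether an active key has outlived the rotation window, with inactive and never-used keys handled separately. The following Python is an added example, not code from the page or from any cloud provider's SDK. It operates on an in-memory inventory shaped loosely like an access-key report; the entries, the "AKIA-EXAMPLE-*" key IDs and the timestamps are constructed placeholders, and the 60-day rotation window and 30-day unused grace period are assumed values.

```python
"""Access-key rotation audit (added example, not from the ATT&CK page or any
cloud SDK). Works on an in-memory inventory shaped loosely like an access-key
report; the entries, key IDs and timestamps below are constructed placeholders."""

from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 60      # assumed rotation window
UNUSED_GRACE_DAYS = 30     # assumed: an active key never used after this long is suspect

# Constructed inventory; "AKIA-EXAMPLE-*" are placeholder IDs, not real keys.
SAMPLE_KEYS = [
    {"user": "deploy-bot", "key_id": "AKIA-EXAMPLE-0001", "status": "Active",
     "created": "2024-01-05T10:00:00Z", "last_used": "2024-04-01T08:30:00Z"},
    {"user": "deploy-bot", "key_id": "AKIA-EXAMPLE-0002", "status": "Active",
     "created": "2024-03-20T10:00:00Z", "last_used": "2024-04-02T09:00:00Z"},
    {"user": "analyst", "key_id": "AKIA-EXAMPLE-0003", "status": "Inactive",
     "created": "2023-06-01T10:00:00Z", "last_used": None},
    {"user": "contractor", "key_id": "AKIA-EXAMPLE-0004", "status": "Active",
     "created": "2024-02-01T10:00:00Z", "last_used": None},
]


def parse_ts(ts: str) -> datetime:
    """Parse an ISO 8601 UTC timestamp ('Z' suffix) into a timezone-aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def key_age_days(key: dict, now: datetime) -> int:
    """Whole days since the key was created, relative to an aware 'now'."""
    return (now - parse_ts(key["created"])).days


def keys_needing_rotation(keys, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Active keys older than the rotation window. Inactive keys cannot
    authenticate, so they are out of scope here (delete them rather than rotate)."""
    return [
        {"user": k["user"], "key_id": k["key_id"], "age_days": key_age_days(k, now)}
        for k in keys
        if k["status"] == "Active" and key_age_days(k, now) > max_age_days
    ]


def unused_active_keys(keys, now, grace_days=UNUSED_GRACE_DAYS):
    """Active keys that have never been used and are past the grace period:
    they add exposure without serving any workload."""
    return [
        k["key_id"] for k in keys
        if k["status"] == "Active" and k["last_used"] is None
        and key_age_days(k, now) > grace_days
    ]


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for f in keys_needing_rotation(SAMPLE_KEYS, now):
        print(f"rotate: {f['user']} {f['key_id']} ({f['age_days']} days old)")
    for key_id in unused_active_keys(SAMPLE_KEYS, now):
        print(f"unused: {key_id}")
```

Rotation itself should follow the usual two-key overlap (create the new key, switch the workload, confirm the old key's last-used timestamp stops advancing, then deactivate and delete it), so the audit above is the trigger rather than the whole procedure.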