
A Better Password Policy in 10 Minutes

We completely understand. You had an audit last year and one of your action plans was to create a more secure password policy because employees were using Password1 as their password. Chances are, numerous words like “summer,” “password,” and “January” are being used in passwords. These are obviously not secure passwords, and you need a quick and easy fix before the next audit.

Implementing a password filter for Windows Active Directory is a quick and easy solution to satisfy the audit requirement. The nFront Password Filter includes numerous features for enhancing Windows Password Complexity. The specific feature you’ll be looking to implement is dictionary checking, also known as password blacklisting. This will prohibit 1 in employee passwords.

Read this article for a detailed guide on how to install the nFront Password Filter software. It is a very straightforward product that is easy to install and maintain.

After the software is installed, you’ll want to begin configuring your password policy. In addition to password blacklisting, we have a few “one-click” password policy options that you may want to review. The two most popular “one-click” password policy options are the Stanford Password Policy and Length-Based Aging. In summary, the Stanford Password Policy gives end-users control over the password complexity requirements based on the length of the passwords they select. Length-Based Password Aging allows you to enforce different maximum password ages for different lengths of passwords. Both options reward users for selecting longer passwords. From an IT standpoint, longer passwords are generally more secure than shorter ones.

For dictionary checking, we always recommend customizing the word list for your company. For example, you will want to make sure your company name and industry-specific words are included. Our dictionary is very comprehensive with 27,000+ words. However, many company names are not listed. Read this article on how to customize the dictionary file. You now have the ability to check a password against the haveibeenpwned file of breached passwords. The file has 572 million breached passwords and we can scan it in about 60 milliseconds! Additionally, we have a new, updated global dictionary with full customization.
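The two checks described above, as an added Python illustration; it is not nFront's code or algorithm. The word list, the company words ("acme", "widget"), the substitution table, and the breach list (assumed here to be a sorted list of SHA-1 digests) are all constructed for the example.

```python
import bisect
import hashlib

# Constructed word list: generic weak words plus company-specific
# additions ("acme" and "widget" are hypothetical).
DICTIONARY = {"password", "summer", "january", "acme", "widget"}

# Common character substitutions, undone before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_hits(password, words=DICTIONARY, min_len=4):
    """Return the sorted dictionary words found inside the password."""
    plain = password.lower()
    forms = {plain, plain.translate(LEET)}
    return sorted(w for w in words
                  if len(w) >= min_len and any(w in f for f in forms))


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def is_breached(password, index):
    """Binary-search a sorted list of SHA-1 digests for the password."""
    digest = sha1_hex(password)
    i = bisect.bisect_left(index, digest)
    return i < len(index) and index[i] == digest


def check_password(password, index):
    """Return (accepted, reasons) for a candidate password."""
    reasons = [f"contains dictionary word '{w}'"
               for w in dictionary_hits(password)]
    if is_breached(password, index):
        reasons.append("found in breached-password list")
    return (not reasons, reasons)


# Constructed stand-in for a breach file: sorted SHA-1 digests.
BREACH_INDEX = sorted(sha1_hex(p) for p in ["Password1", "qwerty123", "letmein"])

if __name__ == "__main__":
    for candidate in ["Password1", "Acm3Rocks2024", "P@55w0rd!x",
                      "qwerty123", "horse-battery-orbit-42"]:
        print(candidate, check_password(candidate, BREACH_INDEX))
```

Substring matching after undoing substitutions is what catches a company name hidden inside a longer password, and the hash lookup catches breached passwords that contain no dictionary word at all.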

After the software is installed on your domain controller(s), you can easily have a domain-wide password policy configured within approximately 10 minutes if you are selecting a “one-click” password policy and adding your company name and industry-specific words to the dictionary file.

To begin a free trial of the nFront Password Filter software, click here.