nFront Password Filter Settings vs. Windows 2008/2012/2016 Password Settings
Below you can see the advantages and felxibility nFront Password Filter.
| Password Policy Setting: | Windows 2008/2012/2016 | nFront Password Filter |
| Minimum Password Length (in characters) | Yes, but you cannot set the min to 15+ chars. | YES, you can set the min. length from 1 to 256 characters. |
| Maximum Password Length (in characters) | YES | |
| Reject passwords that don't contain at least <value> of the following character types | 3 character types only** | 1-4 character types |
| Ability to set min and max numeric characters in password. | YES | |
| Ability to set min and max upper case characters in password. | YES | |
| Ability to set min and max lower case characters in password. | YES | |
| Ability to set min and max alpha characters in password. | YES | |
| Ability to set min and max non-alphanumeric characters in password | YES | |
| Ability to limit the use of only a specific set of special characters (useful for ensuring mainframe password compatibility). | YES | |
| Reject passwords that do not meet SAP rules | YES | |
| Reject passwords that contain vowels (a,e,i,o,u,y) | YES | |
| Reject passwords that contain 2 consecutive identical characters | YES | |
| Reject passwords that begin with a number. | YES | |
| Reject passwords that end with a number. | YES | |
| Reject passwords that begin with a special character. | YES | |
| Reject passwords that end with a special character. | YES | |
| Passwords must contain a numeric character in position <value>. | YES | |
| Passwords must contain a special character in position <value>. | YES | |
| Password must contain special character before character number <value>. | YES | |
| Reject passwords that contain the username. | yes** | YES |
| Reject passwords that contain any part of the user's full name. | yes** | YES |
| Ability to check password against a dictionary of common passwords | YES | |
| Ability to check password against common character substitutions for dictionary words (like pa$$word) | YES | |
| Ability to skip dictionary checking for longer passwords (great setting for enforcing passphrases without sacrificing complexity of short passwords). | YES | |
| Support for multiple password policies in the same domain | yes* | Up to 6 |
* Requires you to run domain in Windows 2008 native mode. The policies still maintain the basic criteria of min length, min/max age and history. There is no GUI to administer fine grained policies.
** Windows Settings allow only a hard-coded “complexity” setting which requires:
- Passwords contain 3 of 4 character sets (upper, lower, numeric and special sets)
- Password cannot contain userid
- Password cannot contain any part of user’s full name.
This “complexity” setting is hard-coded into the operating system and is not flexible. It is either turned off or on.