nFront Password Filter Settings vs. Windows Server 2022 Password Settings (and Server 2019, 2016, 2012, and 2008)
Below you can see the advantages and felxibility nFront Password Filter.
| Password Policy Setting: | Windows 2022/2019/2016 | nFront Password Filter |
| Minimum Password Length (in characters) | Yes, but you cannot set the min to 15+ chars. | YES, you can set the min. length from 1 to 256 characters. |
| Maximum Password Length (in characters) | YES | |
| Reject passwords that don't contain at least <value> of the following character types | 3 character types only** | 1-4 character types |
| Ability to set min/max numeric characters in password. | YES | |
| Ability to set min/max upper case characters in password. | YES | |
| Ability to set min/max lower case characters in password. | YES | |
| Ability to set min/max special characters in password | YES | |
| Ability to require spaces (for passphrases) | YES | |
| Ability to limit the use of only a specific set of special characters (useful for ensuring mainframe password compatibility). | YES | |
| Reject passwords that do not meet SAP rules | YES | |
| Reject passwords that contain vowels (a,e,i,o,u,y) | YES | |
| Reject passwords that contain 2 consecutive identical characters | YES | |
| Reject passwords that begin with a number. | YES | |
| Reject passwords that end with a number. | YES | |
| Reject passwords that begin with a special character. | YES | |
| Reject passwords that end with a special character. | YES | |
| Reject passwords that contain the username. | yes** | YES |
| Reject passwords that contain any part of the user's full name. | yes** | YES |
| Ability to check password against known breached passwords | YES | |
| Ability to check password against a customizable dictionary of common passwords | YES | |
| Ability to check password against common character substitutions for dictionary words (like pa$$word) | YES | |
| Ability to skip dictionary checking for longer passwords (great setting for enforcing passphrases without sacrificing complexity of short passwords). | YES | |
| Support for multiple password policies in the same domain | yes* | Up to 10 |
*The policies still maintain the basic criteria of min length, min/max age and history. There is no GUI to administer fine grained policies.
** Windows Settings allow only a hard-coded “complexity” setting which requires:
- Passwords contain 3 of 4 character sets (upper, lower, numeric and special sets)
- Password cannot contain userid
- Password cannot contain any part of user’s full name.
This “complexity” setting is hard-coded into the operating system and is not flexible. It is either turned off or on.