Length-based password aging is a great option to consider. It allows you to reward users who choose longer passwords with a longer max password age. Generally speaking, longer passwords are more secure than shorter ones. Longer passwords will have to be changed less frequently. This will give you an opportunity to promote and reward the use of passphrases among your user base.
We invented this feature in 2017 and were the first in the industry to do so. Many customers have adopted it with great success. The only challenge is that some compliance requirements still require a fixed amount of time between password changes.
The nFront Password Filter product allows you to establish up to 4 different levels of password length and aging. Each level corresponds to a different security group in Windows Active Directory. As users change passwords, they are synchronized into different groups based on password length. You will need to create the groups in AD when you use this feature. Users with the shortest password length will sync into nFrontExpirationGroup1, and users with longer passwords will sync into other groups like nFrontExpirationGroup2 and so on. Each of those groups is configured with a max password age. You can always check each group to see who is using shorter vs. longer passwords on the network.
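
One way to run the group check described above is a read-only PowerShell report built on the standard ActiveDirectory module. This is an added example, not nFront's own code or tooling. Assumptions: the names for groups 3 and 4 extend the nFrontExpirationGroup1/2 pattern, the max ages are constructed sample values, and each user is expected to be in exactly one tier group.

```powershell
# Added example: audit the length-based aging groups. Read-only; changes nothing in AD.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: group 3 and 4 names follow the nFrontExpirationGroup1/2 pattern.
# Assumption: max ages (days) are constructed sample values; replace them with
# the ages configured for each group in your own policy.
$Tiers = [ordered]@{
    'nFrontExpirationGroup1' = 90
    'nFrontExpirationGroup2' = 180
    'nFrontExpirationGroup3' = 365
    'nFrontExpirationGroup4' = 730
}

$seen = @{}   # SamAccountName -> tier groups the user was found in
$report = foreach ($name in $Tiers.Keys) {
    $group = Get-ADGroup -Filter "Name -eq '$name'"
    if (-not $group) { Write-Warning "Group $name not found in AD"; continue }

    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties PasswordLastSet
            if (-not $seen.ContainsKey($u.SamAccountName)) { $seen[$u.SamAccountName] = @() }
            $seen[$u.SamAccountName] += $name
            # PasswordLastSet is empty when the password was never set or must
            # be changed at next logon; report no remaining days in that case.
            $daysLeft = if ($u.PasswordLastSet) {
                $Tiers[$name] - ((Get-Date) - $u.PasswordLastSet).Days
            } else { $null }
            [pscustomobject]@{
                User = $u.SamAccountName; Group = $name
                MaxAgeDays = $Tiers[$name]; PasswordLastSet = $u.PasswordLastSet
                DaysLeft = $daysLeft
            }
        }
}

# Who is on which tier, shortest-password tier first.
$report | Sort-Object Group, DaysLeft | Format-Table -AutoSize

# Headcount per tier: a large Group1 share means few users have adopted passphrases.
$report | Group-Object Group | Select-Object Name, Count | Format-Table -AutoSize

# Assumption: one tier per user; more than one suggests a stale membership.
$seen.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 } |
    ForEach-Object { Write-Warning "$($_.Key) is in multiple tiers: $($_.Value -join ', ')" }
```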