Password blacklisting is the idea of establishing a list of passwords that are not allowed on the network. Passwords like "Password123" and "Summer2025" should certainly not be allowed on any network.
There are several challenges to developing a good blacklist, and you don't need the headache of thinking through every variation of "password-something" that a user may come up with. Maybe you block "Password1" but not "Password!" or "Password2025." This is where our approach to dictionary blacklisting is very effective. When configured to check the dictionary, our system scans an easily customized plain-text file, and if any dictionary entry (one word or phrase per line) is contained anywhere within the new password, the password is blocked. By placing an entry in the dictionary for "password" you are assured that no one can use that word within any new password. This gives broad coverage that stops the multitude of variations you might miss when developing your blacklist by hand.
The nFront Password Filter product allows you to establish up to 4 different levels of password length and aging. Each level corresponds to a different security group in the Windows Active Directory. As users change passwords, they are synchronized into different groups based on password length. This also gives you great insight as to which users are staying with shorter passwords and could use some encouragement to adopt longer ones.
We provide a dictionary that contains about 6000 entries. The entries cover common passwords, seasons, months, sports teams, common names, etc. Of course, the dictionary we provide will not contain your company name, products, brands, and other highly localized knowledge like nearby restaurants, minor league sports teams, local school mascots, etc. We always suggest that you add to our dictionary: you should add at least 200 terms that are local to your company, industry, products, location, etc. We have a tool to help with this. We have partnered with a new company that offers a website scanning tool, which can scan your website (and/or blog) and develop a list of unique terms found across hundreds or thousands of web pages. You can learn more about the tool here.
With new guidance from NIST and other policies, many customers wish to block the use of passwords that have been breached on the Internet. There are many sources of breached Internet passwords; you can find a comprehensive list of password breach lists here. Perhaps one of the most widely used "breach" databases is the file of breached passwords maintained on the HIBP (Have I Been Pwned) website. Our nFront Password Filter application can be configured to work directly with that file of breached passwords. The latest file as of the writing of this post contains 572 million breached passwords. Because the passwords in that file are hashed, you cannot see the originals, so you do not know with certainty which passwords it contains. In our professional opinion, checking against it is a good idea, but you always want to run your own password blacklist as well. To learn more about how our password filter works with the list of breached passwords, you can visit this page.
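As an added illustration of the two checks described above (this is example code, not nFront's own implementation), the Python below combines a case-insensitive substring check against a plain-text dictionary with a lookup against a hashed breach list. The dictionary contents and the breach-list lines are constructed for the example; treating '#' lines as comments and the "SHA1:count" line layout are this example's assumptions.

```python
import hashlib
from typing import Iterable, List, Optional, Set

# Constructed blacklist dictionary: one word or phrase per line, as the post describes.
# Treating blank lines and '#' lines as comments is this example's own convention.
SAMPLE_DICTIONARY = """
# shipped-style entries: common passwords and seasons
password
summer
# localized entries an admin would add: company, product, local team
acmecorp
widgetpro
"""

def load_dictionary(text: str) -> List[str]:
    """Lowercase every entry so matching ignores case; blank and '#' lines are skipped."""
    return [ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]

def dictionary_match(password: str, entries: Iterable[str]) -> Optional[str]:
    """Return the first entry found anywhere inside the password, else None.
    Substring matching is what catches 'Password!', 'Password2025' and 'MyPassword' alike."""
    lowered = password.lower()
    return next((e for e in entries if e in lowered), None)

def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed breach-list lines in a "SHA1:count" layout (assumed here);
# the hashes are computed from two sample passwords, not copied from any real file.
SAMPLE_BREACH_LINES = [f"{sha1_upper('Summer2025')}:1000", f"{sha1_upper('Password123')}:250000"]

def load_breach_hashes(lines: Iterable[str]) -> Set[str]:
    """Keep only the hash column; the count is irrelevant to a block/allow decision."""
    return {ln.split(":", 1)[0].strip().upper() for ln in lines if ln.strip()}

def is_breached(password: str, hashes: Set[str]) -> bool:
    return sha1_upper(password) in hashes

def evaluate(password: str, entries: Iterable[str], hashes: Set[str]) -> List[str]:
    """Return the reasons for rejecting a password; an empty list means both checks passed."""
    reasons = []
    hit = dictionary_match(password, entries)
    if hit:
        reasons.append(f"contains blacklisted term '{hit}'")
    if is_breached(password, hashes):
        reasons.append("appears in breached-password list")
    return reasons
```

Calling evaluate("Summer2025", ...) with the sample data returns both reasons, since the dictionary catches "summer" and the hash lookup catches the exact password; a long passphrase containing none of the terms returns an empty list.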