Password Policy Agent
Password Policy Agent (PPA) uses a comprehensive layered approach to analyse a password, ensuring it meets the requirements of your security policy. PPA uses a mixture of a rules engine, custom blacklist, heuristic scanning and a dynamic cloud-based password blacklist database to provide complete detection of unsuitable passwords.
There is no need to install software on any workstations, the agent runs on each Active Directory server, intercepting and analysing password changes as they happen, no matter where they originate from.
- Negate password dictionary and brute force attacks
- Granular Windows password complexity
- Intelligent heuristics scanning
- Custom blacklists
- Cloud database check of 320 million + hacked passwords
- Comply with NIST SP 800-63 and other regulatory requirements by default
- Policy-based, centrally deployed and managed
- No desktop software required
Password Policy Agent also supports enforcement of password randomisation options supporting our Windows Desktop Logon Agent product.
How are weak passwords found?
Password Policy Agent uses a mixture of a rules engine, custom black list, heuristic scanning and a cloud-based dynamic password blacklist. In addition to the standard Windows complexity checks, a new password is first processed through the rules engine where more stringent complexity checks are performed, including:
- Minimum and Maximum length
- Minimum number of lower case characters
- Minimum number of upper case characters
- Minimum number of digits
- Minimum number of special characters
- Restrict maximum number of repeating and sequential characters
- Prevent usage of username
- Prevent usage of month and day names
Next the password is checked against a custom black list; together with all variations of it via the heuristics engine. The heuristics engine also takes into account user specific elements such as the user account name and other metadata from your organisation. Lastly, the password and its heuristic bases derivatives will be hash-matched against the cloud-based password blacklist.
Licencing and Pricing
Password Policy Agent is offered as a stand alone licence or as part of the Authlogics Authentication Server licence. Discounts are available on the cost of per user licencing for stand alone users, including support options. A basic version of Password Policy Agent is also available for free, but does not include product support, heuristic scanning or cloud blacklist protection.