Password Policy Agent
Password Policy Agent (PPA) uses a comprehensive layered approach to analyse a password, ensuring it meets the requirements of your security policy. PPA uses a mixture of a rules engine, custom blacklist, heuristic scanning and the Authlogics Cloud Password Breach Database of over 500 million compromised passwords to provide complete detection of unsuitable passwords.
The agent runs on each Active Directory Domain Controller, intercepting and analysing password changes as they happen, no matter where they originate from. There is no need to install software on any workstations making for a fast and low-risk deployment.
- Negate password dictionary and brute force attacks
- Granular AD Group Policy based password complexity controls
- Intelligent heuristics scanning
- Custom blacklists
Password Policy Agent also supports enforcement of password randomisation options supporting our Windows Desktop Logon Agent product.
How do breached passwords affect security?
Online systems containing user information, email addresses and plain-text passwords are constantly being breached. Combine this with user’s propensity to share passwords and login details between work, social and popular websites and you have a recipe for disaster. Given that over 80% of users tend to share passwords between websites, a breach on the web could have a direct impact on a company’s internal systems. This fact has been recognised by NIST (National Institute of Standards and Technology) who specifically address the issue as part of the new 800-63B guidance for setting passwords with the following rules:
- Check against a database of previously breached passwords
- Minimum length of 8 characters, no maximum length
- No forced password expiration
- No more enforced composition rules
- No requirement for a mixture of uppercase, lowercase and special characters
- Anything goes, including emojis
Critically, the new guidance emphasizes that any new passwords should not appear in any previous password breach. This ensures that the new password chosen cannot be determined from any compromised data used by increasingly sophisticated criminals and hackers. Password Policy Agent uses the Authlogics Cloud Password Breach Database which contains over 500 million previously compromised passwords to ensure this isn’t the case.
Licencing and Pricing
Password Policy Agent is offered as a stand alone licence or as part of the Authlogics Authentication Server licence. Discounts are available on the cost of per user licencing for stand alone users, including support options.
The basic version of Password Policy Agent is available for free, however, it does not include product support, heuristic scanning or Authlogics Cloud Password Breach Database protection.