Password Policy Agent

Authlogics Password Policy Agent (PPA) is a seamless solution which simplifies traditionally painful password policies in Active Directory. It makes policies easier for users to adhere to, vastly reduces the need for helpdesk password resets and also key for password compliance as it ensures that Active Directory adheres to the latest NIST SP 800-63B guidance.

PPA uses a set of granular policy controls, a rules engine, a custom blacklist, heuristic scanning and is powered by the Authlogics Cloud Password Breach Database of over 500 million previously compromised passwords to keep your Active Directory safe and compliant.

The agent runs on each Active Directory Domain Controller, intercepting and analysing password changes as they happen, no matter where they originate from. There is no need to install software on any workstations making for a fast and low-risk deployment.

Solution Benefits

  • Authlogics Cloud Password Breach Database of 500 million + breached passwords
  • Comply with NIST SP 800-63B, GDPR and other regulatory requirements
  • Remove complex and ever changing password requirements
  • No desktop software required
  • Negate password dictionary and brute force attacks
  • Granular AD Group Policy based password complexity controls
  • Intelligent heuristics scanning
  • Custom blacklists

Password Policy Agent also works with Windows Desktop Logon Agent to support passwordless logons, while maintaining a safe randomised AD password.

How do breached passwords affect security?

Online systems containing user information, email addresses and plain-text passwords are constantly being breached. Combine this with user’s propensity to share passwords and login details between work, social and popular websites and you have a recipe for disaster. Given that over 80% of users tend to share passwords between websites, a breach on the web could have a direct impact on a company’s internal systems. This fact has been recognised by NIST (National Institute of Standards and Technology) who specifically address the issue as part of the SP 800-63B guidance from June 2017 for setting passwords with the following rules:

  • Check against a database of previously breached passwords
  • Minimum length of 8 characters, no maximum length
  • No forced password expiration
  • No more enforced composition rules
  • No requirement for a mixture of uppercase, lowercase and special characters
  • Anything goes, including emojis

Critically, the new guidance emphasizes that any new passwords should not appear in any previous password breach. This ensures that the new password chosen cannot be determined from any compromised data used by increasingly sophisticated criminals and hackers. Password Policy Agent uses the Authlogics Cloud Password Breach Database which contains over 500 million previously compromised passwords to ensure this isn’t the case.

Features and Editions

The Basic Edition of Password Policy Agent is available for free, however, it does not include a Product Support SLA, Real-time Password Breach Database protection, Heuristics password processing or a Custom password blacklist. Password Policy Agent is offered as a stand-alone licence or as part of the Authlogics Authentication Suite.

Feature \ Edition
Full Edition
Basic Edition
Product Support SLA
YesNo
Real-time Password Breach Database protection (with HIBP fallback)
YesNo
Heuristics password processing
YesNo
Custom password blacklist with wildcard and numeric substitution support
YesNo
Web based user Self Service Portal
YesYes
Minimum length, lower case, upper case, numeric, special and Unicode character limits
YesYes
Maximum length, repeating, consecutive repeating, sequential, sequential keyboard characters and characters from username limits
YesYes
Disallow username as password, day & month names and spaces
YesYes

Get Started

Download the installer and evaluate a fully functional copy of Password Policy Agent. Trial, Basic and Full product versions are supported by the installer.

Have a question about Password Policy Agent, password security or compliance?