Password Policy Agent
Authlogics Password Policy Agent (PPA) is a seamless solution which simplifies traditionally painful password policies in Active Directory. It makes policies easier for users to adhere to, vastly reduces the need for helpdesk password resets and is also key for password compliance, as it ensures that Active Directory adheres to the latest NIST SP 800-63B guidance.
PPA uses a set of granular policy controls, a rules engine, a custom blacklist and heuristic scanning, and is powered by the Authlogics Cloud Password Breach Database of over 500 million previously compromised passwords to keep your Active Directory safe and compliant.
The agent runs on each Active Directory Domain Controller, intercepting and analysing password changes as they happen, no matter where they originate. There is no need to install software on any workstations, making for a fast and low-risk deployment.
- Negate password dictionary and brute force attacks
- Granular AD Group Policy based password complexity controls
- Intelligent heuristics scanning
- Custom blacklists
Password Policy Agent also works with Windows Desktop Logon Agent to support passwordless logons, while maintaining a safe randomised AD password.
How do breached passwords affect security?
Online systems containing user information, email addresses and plain-text passwords are constantly being breached. Combine this with users’ propensity to share passwords and login details between work, social and popular websites and you have a recipe for disaster. Given that over 80% of users tend to share passwords between websites, a breach on the web could have a direct impact on a company’s internal systems. This fact has been recognised by NIST (National Institute of Standards and Technology), which specifically addresses the issue in the SP 800-63B guidance from June 2017 for setting passwords, with the following rules:
- Check against a database of previously breached passwords
- Minimum length of 8 characters, no maximum length
- No forced password expiration
- No more enforced composition rules
- No requirement for a mixture of uppercase, lowercase and special characters
- Anything goes, including emojis
Critically, the new guidance emphasizes that any new passwords should not appear in any previous password breach. This ensures that the new password chosen cannot be determined from any compromised data used by increasingly sophisticated criminals and hackers. Password Policy Agent checks new passwords against the Authlogics Cloud Password Breach Database, which contains over 500 million previously compromised passwords, to ensure they have not appeared in a previous breach.
Features and Editions
The Basic Edition of Password Policy Agent is available for free; however, it does not include a Product Support SLA, Real-time Password Breach Database protection, Heuristics password processing or a Custom password blacklist. Password Policy Agent is offered as a stand-alone licence or as part of the Authlogics Authentication Suite.
Features listed in the edition comparison:
- Product Support SLA
- Real-time Password Breach Database protection (with HIBP fallback)
- Heuristics password processing
- Custom password blacklist with wildcard and numeric substitution support
- Web based user Self Service Portal
- Minimum length, lower case, upper case, numeric, special and Unicode character limits
- Maximum length, repeating, consecutive repeating, sequential, sequential keyboard characters and characters from username limits
- Disallow username as password, day & month names and spaces