Password Policy Agent

Password Policy Agent (PPA) uses a comprehensive layered approach to analyse a password, ensuring it meets the requirements of your security policy. PPA uses a mixture of a rules engine, custom blacklist, heuristic scanning and a dynamic cloud-based password blacklist database to provide complete detection of unsuitable passwords.

There is no need to install software on any workstations, the agent runs on each Active Directory server, intercepting and analysing password changes as they happen, no matter where they originate from.



  • Negate password dictionary and brute force attacks
  • Granular AD Group Policy based password complexity controls
  • Intelligent heuristics scanning
  • Custom blacklists
  • Cloud database check of 500 million + hacked passwords
  • Comply with NIST SP 800-63 and other regulatory requirements by default
  • No desktop software required
  • Free basic version available

Password Policy Agent also supports enforcement of password randomisation options supporting our Windows Desktop Logon Agent product.

How are weak passwords found?

Password Policy Agent uses a mixture of a rules engine, custom black list, heuristic scanning and a cloud-based dynamic password blacklist. In addition to the standard Windows complexity checks, a new password is first processed through the rules engine where more stringent complexity checks are performed, including:

  • Minimum and Maximum length
  • Minimum number of lower case characters
  • Minimum number of upper case characters
  • Minimum number of digits
  • Minimum number of special characters
  • Restrict maximum number of repeating and sequential characters
  • Prevent usage of username
  • Prevent usage of month and day names

Next the password is checked against a custom black list; together with all variations of it via the heuristics engine. The heuristics engine also takes into account user specific elements such as the user account name and other metadata from your organisation. Lastly, the password and its heuristic bases derivatives will be hash-matched against the cloud-based password blacklist.

Licencing and Pricing

Password Policy Agent is offered as a stand alone licence or as part of the Authlogics Authentication Server licence. Discounts are available on the cost of per user licencing for stand alone users, including support options.

The basic version of Password Policy Agent is available for free, however it does not include product support, heuristic scanning or cloud blacklist protection.

Get Started

Download the installer and evaluate a fully functional copy of Password Policy Agent. Trial, Basic and Full product versions are supported by the installer.