Password Policy Agent
The Authlogics Password Policy Agent (PPA) is designed for IT managers and CISOs who require protection from identity attacks, and what simplicity for users while reducing helpdesk costs. PPA is a non-intrusive solution that ensures all users have a secure password which complies with the latest NIST SP 800-63B password policy standard. Unlike traditional MFA vendors who, despite relying on passwords within their solution, don’t provide any password security or management, our solution removes the password complexity burden from users while ensuring the password they have chosen has not already been compromised.
PPA analyses password changes in real-time and uses a combination of granular policy controls, a rules engine, a custom blacklist, heuristic scanning and is powered by the Authlogics Password Breach Database of over 520 million previously compromised passwords to keep your Active Directory safe and compliant.
Are you in our Password Breach Database?
- Negate password dictionary and brute force attacks
- Granular AD Group Policy based password complexity controls
- Intelligent heuristics scanning
- Custom blacklists
Password Policy Agent also works with Windows Desktop Logon Agent to support passwordless logons, while maintaining a safe randomised AD password.
How do breached passwords affect security?
Online systems containing user information, email addresses and plain-text passwords are constantly being breached. Combine this with user’s propensity to share passwords and login details between work, social and popular websites and you have a recipe for disaster. Given that over 80% of users tend to share passwords between websites, a breach on the web could have a direct impact on a company’s internal systems. This fact has been recognised by NIST (National Institute of Standards and Technology) who specifically address the issue as part of the SP 800-63B guidance from June 2017 for setting passwords with the following rules:
- Check against a database of previously breached passwords
- Minimum length of 8 characters, no maximum length
- No forced password expiration
- No more enforced composition rules
- No requirement for a mixture of uppercase, lowercase and special characters
- Anything goes, including emojis
Critically, the new guidance emphasizes that any new passwords should not appear in any previous password breach. This ensures that the new password chosen cannot be determined from any compromised data used by increasingly sophisticated criminals and hackers. Password Policy Agent uses the Authlogics Password Breach Database which contains over 500 million previously compromised passwords to ensure this isn’t the case.
Features and Editions
The Basic Edition of Password Policy Agent is available for free, however, it does not include a Product Support SLA, Real-time Password Breach Database protection, Heuristics password processing or a Custom password blacklist. Password Policy Agent is offered as a stand-alone licence or as part of the Authlogics Authentication Suite.
|Feature \ Edition|
Product Support SLA
Real-time Password Breach Database protection (with HIBP fallback)
Heuristics password processing
Custom password blacklist with wildcard and numeric substitution support
Web based user Self Service Portal
Minimum length, lower case, upper case, numeric, special and Unicode character limits
Maximum length, repeating, consecutive repeating, sequential, sequential keyboard characters and characters from username limits
Disallow username as password, day & month names and spaces