With the constant threat of hackers trying to get their hands on your sensitive information, you need your passwords to be nothing less than hack-proof. Though Microsoft’s password policy solution has been around for quite some time now, it has distinct drawbacks. To learn more on this front, check out our blog, The top 3 drawbacks to Microsoft password policies.

The native tools in Active Directory have little to no control over preventing users from setting weak and predictable passwords. Brute-force, dictionary, and pattern attacks are some of the most commonly used methods for hacking passwords. Your best defense against these types of attacks is having a good password policy solution in place to ensure your users set foolproof passwords. See Figure 1 below to learn how ADSelfService Plus can help.

Figure 1. Safeguard your passwords from common hacking threats with ADSelfService Plus.

ADSelfService Plus’ password policy solution strengthens native password policy requirements so users won’t be able to choose weak, ineffective passwords. With these password controls, you can effectively combat brute-force, dictionary, or pattern attacks, all without tweaking your current Active Directory OU design. Combining the password policy enhancements of ADSelfService Plus with native AD takes security to the next level.

Combatting common attacks

Brute-force or dictionary attack:

Import an attack dictionary in ADSelfService Plus to defend passwords against dictionary attacks. Session timeouts, CAPTCHAs, and blocking users who fail identity verification will also help you beef up security.

Pattern attack:

Prohibit the use of common patterns (abc, 12345, qwerty) and palindromes to make passwords less vulnerable.

See the options available for enforcing strong password policies in ADSelfService Plus in Figure 2 below.

Figure 2. Password policy enhancements including special character enforcement.

The table shown below illustrates how native password policy controls alone aren’t enough to protect your organization and how ADSelfService Plus helps you patch up those shortcomings.

Attack              | Native AD                                  | ADSelfService Plus
Brute-force attack  | Limited password complexity requirements*  | • Import a dictionary
Dictionary attack   |                                            | • Block users who fail identity verification
                    |                                            | • Create session timeouts
                    |                                            | • Use CAPTCHAs
                    |                                            | • Require uppercase and lowercase letters, numbers, and special characters
Pattern attack      |                                            | • Prohibit the use of patterns
                    |                                            | • Prohibit the use of palindromes

*Passwords must contain characters from three of the following five categories:

  • Uppercase characters of European languages (A through Z, with or without diacritic marks, Greek and Cyrillic characters).
  • Lowercase characters of European languages (a through z, with or without diacritic marks, Greek and Cyrillic characters).
  • Base 10 digits (0 through 9).
  • Non-alphanumeric characters (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/).
  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
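To make the difference concrete, here is an added example (not ManageEngine code, and not how ADSelfService Plus is implemented) that checks a candidate password against the native three-of-five category rule from the footnote and then against the enhanced controls described under "Combatting common attacks": an imported attack dictionary, common patterns, and palindromes. The dictionary and pattern lists are constructed for the example; a real deployment would import far longer lists.

```python
# Constructed sample blocklist standing in for an imported attack dictionary.
ATTACK_DICTIONARY = {"password", "welcome", "letmein", "summer2023"}
# Common patterns named in the text; a real list would be much longer.
COMMON_PATTERNS = ("abc", "12345", "qwerty")
# Native AD's non-alphanumeric category, as quoted in the footnote.
AD_SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
MIN_CATEGORIES = 3  # native rule: three of the five categories


def native_ad_categories(password: str) -> int:
    """Count how many of the five native AD complexity categories appear."""
    upper = lower = digit = special = other_alpha = False
    for ch in password:
        if ch in "0123456789":
            digit = True
        elif ch in AD_SPECIALS:
            special = True
        elif ch.isupper():
            upper = True
        elif ch.islower():
            lower = True
        elif ch.isalpha():  # alphabetic but neither case, e.g. CJK scripts
            other_alpha = True
    return sum((upper, lower, digit, special, other_alpha))


def policy_failures(password: str) -> list[str]:
    """Return the names of the checks the password fails (empty list = accepted)."""
    failures = []
    lowered = password.lower()
    if native_ad_categories(password) < MIN_CATEGORIES:
        failures.append("complexity")  # native three-of-five rule
    if any(word in lowered for word in ATTACK_DICTIONARY):
        failures.append("dictionary")  # contains an attack-dictionary word
    if any(pattern in lowered for pattern in COMMON_PATTERNS):
        failures.append("pattern")  # abc, 12345, qwerty, ...
    if len(lowered) > 1 and lowered == lowered[::-1]:
        failures.append("palindrome")  # reads the same backwards
    return failures


if __name__ == "__main__":
    for candidate in ("Password1!", "Qwerty12", "Aba!aba", "correcthorse", "Tr0ub4dor&3"):
        print(f"{candidate!r}: {policy_failures(candidate) or 'accepted'}")
```

Note that "Password1!" and "Qwerty12" satisfy the native complexity rule yet fail the dictionary and pattern checks, which is exactly the gap the table above describes.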