Password Policy Enforcer for Active Directory | Enforce Strong Password Policy

Related Products

Passwords

are the keys to accessing organizational resources.

While it's common knowledge that passwords used by employees can make or break data security, employees often don't follow good password hygiene. From setting weak and generic passwords to lax password policy rules in native tools like Windows Active Directory Group Policies, several factors pose a serious threat to password security and put organizations' data at risk of exposure.

The need for stringent password policies

Active Directory password
policy requirements

Minimum
password length
Sets the minimum number of character that must be used in the password.
Minimum
password age
Decides how long a user has to wait before changing their password. This ensures that the user doesn't change their password too often.
Maximum
password age
Decides when a password expires. This is important to ensure that passwords are changed regularly.
Password complexity
requirements
Decides the character composition of the password. It also defines what shouldn't be part of the passwords, including dictionary words or patterns.
Password history
enforcement
Decides how long a user has to wait to reuse a password.
Reversible encryption
for storing passwords
Decides whether passwords are stored with or without encryption.

Why Active Directory password
policies aren't enough

A one-size-fits-all password policy does not exist. They have to be customized to suit different hierarchies, geographical regions, and departments in a company. But AD password policies cannot be set for specific OUs.
Dictionary words, patterns, and palindromes cannot be restricted.
Consecutive repetition of the same character cannot be prevented.
The password policy cannot be enforced during password reset by admins in the Active Directory Users and Computers (ADUC) console.
The policy setting cannot mandate the number of characters from a certain character type.

Restrict passwords with commonly used words and patterns

Download now

How to configure password policies in ADSelfService Plus to prevent password attacks

ManageEngine ADSelfService Plus' Password Policy Enforcer overcomes these issues and allows you to enforce a custom password policy that seamlessly integrates with the native Active Directory password policies. It fortifies your Active Directory passwords to ensure your organization is secure. ADSelfService Plus' password policies can be set to enforce the following requirements:

Restrict characters
Mandate the number of special, numeric, and Unicode characters. You can also set the type of character the password must begin with.
Restrict length
Set both a minimum and maximum number of characters for the password.
Restrict pattern
Restrict custom dictionary words and patterns that are commonly used in the organization, as well as palindromes.
Restrict repetition
Restrict the use of consecutive characters from usernames or previous passwords. Consecutive repetition of the same character can also be restricted.

Benefits of
ADSelfService Plus'
Password Policy Enforcer

Implement granular password policies

Set password policies for OUs and groups separate from the one set for the domain to match the level of sensitive resources specific users need access to.

Help users pick strong passwords

Display policy requirements on the reset and change password pages to ensure users know the password policy rules.

Analyze password strength

Enable the Password Strength Analyzer to automatically display the strength of the password provided by the user during password change and reset. This ensures users have context about the strength of their passwords right when setting or changing them, and that they can modify them to improve security.

Meet regulatory compliance standards

Create password policies that comply with NIST, HIPAA, GDPR, CJIS, and other regulations.

Encourage passphrases

Enable users to create long and secure passphrases by overriding the password policy rules if the password is beyond a specific length.

Enforce policies universally

Enforce your policy for password changes from the Ctrl+Alt+Del screen and during ADUC password resets.

Enhance user experience

Make strong passwords more attainable by setting the number of complexity requirements the user must adhere to while also letting them select the requirements.

Other password security features in
ADSelfService Plus

Integration with Have I been Pwned? Integrate ADSelfService Plus with the Have I been Pwned? service, which can ban the use of passwords involved in previous hacks and thus prevents credential stuffing attacks.

Password synchronization: The password sync feature ensures all enterprise applications use the same secure password that is immune to brute-force, dictionary, and credential stuffing attacks.

Password reports: Get out-of-the-box reports that give IT admins a holistic view of users' passwords and account lockout status, enrollment data, and self-service actions in all the connected domains.

Password Strength Analyzer: Allow users to see the strength of the password live on the password change or reset screen.