How to blacklist weak Active Directory passwords
The following is a comparison between blacklisting Active Directory domain passwords with Windows PowerShell and ADSelfService Plus:
Blacklist weak Active Directory passwords in a domain
This is not possible using PowerShell.
With ADSelfService Plus
Configure a custom password policy via the Password Policy Enforcer
- Go to ADSelfService Plus admin portal.
- Navigate to Configuration > Self-Service > Password Policy Enforcer.
- Enable Enforce Custom Password Policy.
- Enable restrict keyboard sequences, dictionary words, and palindromes.
- Use the default dictionary, or add a custom dictionary of your choice.
- Click Save.
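What the three restrictions in the steps above look for, as an added illustration. This is not ADSelfService Plus code and does not reproduce its rule set; it only screens candidate strings offline and enforces nothing in Active Directory. The function names, the word list, the keyboard rows and the run length of 4 are assumptions made for the example.

```powershell
# Added illustration: screens candidate passwords against the three rule types
# named above. Word list, keyboard rows and threshold are constructed/assumed.
$Dictionary   = @('password', 'welcome', 'summer', 'dragon')        # constructed sample list
$KeyboardRows = @('1234567890', 'qwertyuiop', 'asdfghjkl', 'zxcvbnm')
$MinRun       = 4   # assumed threshold: flag runs of 4 or more adjacent keys

function Test-Palindrome([string]$Text) {
    $lower = $Text.ToLowerInvariant()
    $chars = $lower.ToCharArray()
    [array]::Reverse($chars)                       # reverses in place
    return ($lower.Length -gt 1) -and ($lower -eq (-join $chars))
}

function Test-KeyboardSequence([string]$Text) {
    $lower = $Text.ToLowerInvariant()
    foreach ($row in $KeyboardRows) {
        $chars = $row.ToCharArray()
        [array]::Reverse($chars)
        foreach ($r in @($row, (-join $chars))) {  # check the row forwards and backwards
            for ($i = 0; $i -le $r.Length - $MinRun; $i++) {
                if ($lower.Contains($r.Substring($i, $MinRun))) { return $true }
            }
        }
    }
    return $false
}

function Test-DictionaryWord([string]$Text) {
    # Undo common character substitutions so "P@ssw0rd" still matches "password"
    $norm = $Text.ToLowerInvariant() -replace '@','a' -replace '0','o' -replace '\$','s' -replace '1','l' -replace '3','e'
    foreach ($word in $Dictionary) {
        if ($norm.Contains($word)) { return $true }
    }
    return $false
}

function Get-PasswordRuleViolations([string]$Candidate) {
    $hits = @()
    if (Test-Palindrome $Candidate)       { $hits += 'palindrome' }
    if (Test-KeyboardSequence $Candidate) { $hits += 'keyboard sequence' }
    if (Test-DictionaryWord $Candidate)   { $hits += 'dictionary word' }
    return ,$hits                                   # always return an array, even when empty
}

foreach ($c in 'Qwerty2024!', 'P@ssw0rd99', 'Abc1cbA', 'v7#Tg!mR2x') {   # constructed samples
    $v = Get-PasswordRuleViolations $c
    '{0,-12} {1}' -f $c, $(if ($v.Count) { 'REJECT: ' + ($v -join ', ') } else { 'ok' })
}
```

The first three samples each meet the usual length and character-class requirements and still trip one rule, which is the gap these restrictions are meant to close.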
Breached password restriction
- Log in to ADSelfService Plus with admin credentials.
- Go to Admin > Product Settings > Integration Settings > Have I been Pwned?
- Select Enable HaveIbeenPwned Integration.
How does using breached passwords affect password security?
- Hackers use cyberattacks like brute force to breach user account passwords. This process, although laborious, is highly effective as users are susceptible to using weak passwords.
- Once these passwords are breached and hackers gain access to the organization's network, the health of the organization's security is at risk.
What are the limitations of Windows PowerShell for improved password security?
- It doesn't support native blacklisting of Active Directory passwords.
- It doesn't allow admins to enforce password policies based on OU, domain, or group membership.
Apart from being easy to configure, ADSelfService Plus has several advantages when compared to PowerShell scripts.
- Advanced password policy settings:
Admins can create custom password policies from the advanced password policy controls that ban weak passwords, palindromes, etc.
- Universal enforcement:
Admins can enforce custom password policies during self-service password reset and password change for both Active Directory and cloud applications.
- Improves IT security:
Provides advanced multi-factor authentication techniques including biometrics and YubiKey for securing cloud apps.
- Improves the user experience:
Users can perform self-service password reset from multiple access points such as their login screens or a secure web-portal.