Password Policy Enforcer

The Password Policy Enforcer feature of ADSelfService Plus allows you to set a custom OU based password policy for your organization and force the users to strictly adhere to it. This feature solves the issue of weak passwords, which can be detrimental to the security of your organization.

It provides a slew of options for a customizable, stringent password policy. Once configured, it even renders an interactive UI for users to ensure that their new passwords are compliant with the policy that you have set. It contains a wide range of complexity rules, compared to the default set provided in Active Directory, to further strengthen the passwords.

Steps to ConfigurePassword Policy Enforcer:

Navigate to Configuration --->> Self-Service --->> Password Policy Enforcer
Enable Enforce Custom Password policy
Set the complexity requirements for the new password.
Now, provide a check against the options, that you would like to include in your custom password policy.

To enforce minimum complexity requirements for the password
To enforce the password policy in Ctrl+Alt+Del screen( For Change password) and ADUC( For Password Reset).
To display the password policy in "Reset Password" and "Change Password" page.

Click Save to finish the configuration.

The complexity requirements available to create your custom password policy are:

Password length

Minimum number of characters in a password

Maximum number of characters in a password

Password Complexity Rule

No. of special characters to include

Use upper, lower cases and numbers in the password

Begin the password with a letter

Disallow reuse of a character thrice, consecutively( For example: aaa,111)

Disallow use of five consecutive characters from user name

Pattern Rule

Prevent using a palindrome as the password

Disallow use of certain patterns( For example: qwerty, 12345, abc)

Dictionary Rule

Avoid using dictionary words

Unicode Rule

Use Unicode characters

Incremental Password Rule

Prevent using 5 consecutive characters similar to the previous password

Passphrases Rule

Use passphrases (In this case, all other rules are exempted)

History Rule

Prevent usage of (n) previously used passwords

Note: ADSelfService Plus encrypts all passwords used by the user using SHA 512 and stores them in the ADSelfService Plus database. When the password is reset, the new password is encrypted and the hash is checked with the recent (n) old passwords. If it matches, the user will be asked to choose a different password.

Click Customize view to change the display text of the policy requirements in Reset and Change password screens. It lets you to set unique display texts for different platforms (Web portal, iOS/Android apps, GINA/CP screen). You can also set the order in which the policy requirements will be displayed to the user.

ManageEngine