Flexible Security For Your Peace of Mind

Specops Password Policy comparison and price

In the market for a third-party password policy solution? If an audit has revealed poor password practices, you may look to Microsoft Fine-Grained Password Policy (FGPP) for additional flexibility over default domain password settings. Unfortunately, FGPP still lacks a lot of the capabilities for meeting auditor requirements, regulatory standards, and the latest password recommendations from NIST.

You can enhance password policy security, without sacrificing true Active Directory integration. Specops Password Policy works directly with Group Policy Objects, and enables fine-grain control over password policies to fulfill various security requirements. The below section highlights various password security settings, and how Specops Password Policy compares to FGPP.

Comparing Specops Password Policy to FGPP

Password dictionaries

Password dictionaries allow you to block common words related to your organization when setting a password. They also enable you to react to leaked password lists by blocking their usage in your organization. For more information about disallowing words with password dictionaries, see our dictionary overview and best practices blog.

 Specops settingsMicrosoft settings
Create custom password dictionariesYesNo
OOTB password dictionariesYesNo
Import password dictionariesYesNo

In addition to password dictionaries, Specops Password Policy offers an add-on password blacklisting service. With Specops Password Blacklist you can block more than 1 billion leaked passwords, including the haveibeenpwned list.

Complexity settings

Password complexity settings are commonly identified as the character types (lower case, upper case, numeric, and special). Unfortunately, complexity is ineffective if it is predictable. By disallowing consecutive identical characters, or common character types as the first/last character in a password, IT administrators can fight password predictability.

 Specops settingsMicrosoft settings
Disallow consecutive identical charactersYesNo
Disallow common characters types as first/last characterYesNo
Passphrase supportYesNo

Password history and expirations

End-user communication should be a critical part of your password management tactics. Reminding users of an upcoming password expiration, can mean time-savings for the helpdesk. When setting a new password, users conform to predictable patterns – character substitutions, leetspeak, incrementing numbers, and other common habits that don’t stand a chance against hackers. Here are some ways that Specops can stop password predictability.

 Specops settingsMicrosoft settings
Minimum number of changed characters
YesNo
Disallow part of current passwordYesNo
Password expiration reminder emailsYesNo
Length-based password agingYesNo

Reporting

Specops Password Policy also offers a dedicated reporting tool. Specops Password Auditor scans your Active Directory and detects security related weaknesses, specifically related to password settings. The collected information is used to display multiple interactive reports containing user and password policy information.

For more information on FGPP settings, see the How to create a FGPP blog. For a complete list of Specops Password Policy settings, see the Policy Settings section of the Administration Guide.

Price and licensing

Specops Password Policy is priced based on the number of Active Directory users in scope. It follows a volume-pricing model where the price per license decreases as the number of users in scope increases. Specops Password Policy can be purchased as an annual subscription that includes technical support and product upgrades. If you are looking for a quote or price indication for the software, contact Specops here.

Why Specops Password Policy?

Specops Password Policy is a security-oriented alternative to FGPP. Specops Password Policy allows you to follow the latest standards, including the NIST recommendations, and gives true fine-grain control over any password policy requirements that you may need to apply to your organization.

  • Was this Helpful ?
  • Yes   No

Tags: ,

Back to Blog

Related Articles

  • How to create a fine-grained password policy in AD

    For the first 8 years of Active Directory, the only native way of having multiple password policies in your AD forest, was to have multiple domains. When Server 2008 arrived on the scene, Microsoft introduced the concept of Fine Grain Password Policies (FGPP), which allowed different policies within the same domain. Traditionally, the Default Domain…

    Read More
  • How things work: Default Domain Policy and Specops Password Policy Precedence

    I recently received a support question about the rules displayed during a password change in Specops Password Reset (SPR), versus Specops uReset. The scenario was fairly complex – advanced password rules configured for both the built-in Default Domain Policy (DDP) and Specops Password Policy (SPP),  where the “Must contain at least 1 Unicode character” was…

    Read More
  • How things work: Group Policy Caching

    The release of Windows 8.1 and Server 2012 R2 introduced a new Group Policy concept called Group Policy Caching. Its purpose is to reduce the time it takes to perform certain scenarios for synchronous foreground Group Policy refresh. Here’s the drawback: for every Group Policy update interval, Group Policy Caching will download, and store a…

    Read More

© 2019 Specops Software. All rights reserved. Privacy and Data Policy