Specops Password Policy comparison and price

In the market for a third-party password policy solution? If an audit has revealed poor password practices, you may look to Microsoft Fine-Grained Password Policy (FGPP) for additional flexibility over default domain password settings. Unfortunately, FGPP still lacks a lot of the capabilities for meeting auditor requirements, regulatory standards, and the latest password recommendations from NIST.

You can enhance password policy security, without sacrificing true Active Directory integration. Specops Password Policy works directly with Group Policy Objects, and enables fine-grain control over password policies to fulfill various security requirements. The below section highlights various password security settings, and how Specops Password Policy compares to FGPP.

Comparing Specops Password Policy to FGPP

Password dictionaries

Password dictionaries allow you to block common words related to your organization when setting a password. They also enable you to react to leaked password lists by blocking their usage in your organization. For more information about disallowing words with password dictionaries, see our dictionary overview and best practices blog.

In addition to password dictionaries, Specops Password Policy offers an add-on Breached Password Protection service. With Specops Breached Password Protection you can block more than 4 billion leaked passwords, including the haveibeenpwned list.

Complexity settings

Password complexity settings are commonly identified as the character types (lower case, upper case, numeric, and special). Unfortunately, complexity is ineffective if it is predictable. By disallowing consecutive identical characters, or common character types as the first/last character in a password, IT administrators can fight password predictability.

Password history and expirations

End-user communication should be a critical part of your password management tactics. Reminding users of an upcoming password expiration, can mean time-savings for the helpdesk. When setting a new password, users conform to predictable patterns – character substitutions, leetspeak, incrementing numbers, and other common habits that don’t stand a chance against hackers. Here are some ways that Specops can stop password predictability.

Reporting

Specops Password Policy also offers a dedicated reporting tool. Specops Password Auditor scans your Active Directory and detects security related weaknesses, specifically related to password settings. The collected information is used to display multiple interactive reports containing user and password policy information.

For more information on FGPP settings, see the How to create a FGPP blog. For a complete list of Specops Password Policy settings, see the Policy Settings section of the Administration Guide.

Price and licensing

Specops Password Policy is priced based on the number of Active Directory users in scope. It follows a volume-pricing model where the price per license decreases as the number of users in scope increases. Specops Password Policy can be purchased as an annual subscription that includes technical support and product upgrades. If you are looking for a quote or price indication for the software, contact Specops here.

Why Specops Password Policy?

Specops Password Policy is a security-oriented alternative to FGPP. Specops Password Policy allows you to follow the latest standards, including the NIST recommendations, and gives true fine-grain control over any password policy requirements that you may need to apply to your organization.