Flexible Security For Your Peace of Mind
  • Pricing
  • Specops Software Blog
  • About
    • Company
    • Partners
    • Careers
    • News
  • English
  • Deutsch
  • Français
  • English
site logo
  • Products
      • Password Policy
        • red-cross@2x-150×150-1Block weak passwords
        • teal-check@2x-150×150-1Create compliant password policies
        • entropy@2x-150×150-1Target password entropy
      • Password Reset
        • Enrollment-enforcement-150×150-1Password reset for remote users
        • mfa password iconFlexible MFA
        • Enrollment-enforcemnt-150×150-1Auto-enrollment and flexible enforcement
      • Password Auditor
        • icon-17-yGet password reports
        • icon-33-rAudit Active Directory accounts
        • thumbs up iconAlign password policies with standards
      • Key Recovery
        • service-key-150×150-1Self-service for BitLocker
        • key-recovery-150×150-1Self-service for Symantec Endpoint Encryption
        • mfa-pre-enrollment-150×150-1MFA with pre‑enrollment
      • Secure Service Desk
        • icon-verify-user-identity-150×150-1Verify user identity
        • shield with crossEnforce user authentication
        • icon-unlock-accounts-150×150-1Unlock accounts and reset passwords
      • Other
        • password-notification-icon-150×150-1Password Notification
        • password-sync-icon-150×150-1Password Sync
        • ad-janitor-icon-150×150-1Active Directory Janitor
  • Resources
    • Datasheets
    • Videos
    • Whitepapers
    • Case Studies
    • Reviews
  • Support
  • Contact Us
  • Pricing
  • Specops Software Blog
  • About
    • Company
    • Partners
    • Careers
    • News
  • English
    • Facebook
    • Twitter
    • Youtube
    • Linkedin
    • Instagram
    ×
  • Select language
  • Deutsch
  • Français
  • English
Datasheets

Specops Password Policy Datasheet

Download PDF

Ban weak passwords from Active Directory

Contact Us

Specops Password Policy helps you increase password security in your Microsoft Active Directory environment. The tool extends the functionality of Group Policy, and simplifies the management of fine-grained password policies. Specops Password Policy can target any GPO level, group, user, or computer with password complexity, compromised password list, dictionaries and passphrase settings.

Take a segmented approach and customize your settings to the security needs of various user populations. Assign users who have access to sensitive data more complexity, without hindering usability for less privileged users. Alternatively, replace complexity by allowing passphrases to enforce secure policies without burdening users.

Enhance security by blocking the use of custom dictionary words unique to your organization. Comply with industry regulations by blocking the use of over 3 billion known breached passwords, as well as passwords used in real spray attacks happening right now. Manage password security across your organization simply and effectively!

Dictionary attacks & password leaked lists

You can use a password dictionary, a file containing commonly used and/or compromised passwords, to prevent users from creating passwords that are susceptible to dictionary attacks.

Feature Highlights Specops Settings Microsoft FGPP Settings Azure AD Password Protection Settings
Create Custom dictionary lists Yes (no limit) No Yes (up to 1000 terms, minimum 4 characters)
Blocks used in password spray attacks happening right now Yes (new compromised passwords added daily) No Partially (only uses base terms in global list)
Blocked list includes 3rd party breached passwords (as recommended by orgs like NIST and NCSC) Yes (over 4 billion unique compromised passwords) No No ("banned" list is not a leaked list)
Find and remove leaked passwords already in use Yes No No
Ban partial use of dictionary list word Yes (full or partial) N/A No
Ban use of user's first or last name Yes (full or partial) No No partial ban
Block 3-letter words, abbreviations, and acronyms Yes N/A No (minimum 4-characters)
Ban common character substitution Yes No Missing several

Password / Passphrase complexity

Complexity is commonly the character types (lower case, upper case, numeric, and special) used in a password. However, complexity is ineffective if it is predictable.

Specops Microsoft FGPP Azure Password Protection
5/5 character types Yes Only 3/5 character types N/A
Disallow consecutive identical characters Yes No N/A
Disallow common character types at the beginning Yes No N/A
Passphrase support Yes No N/A

Password Expirations / History

Specops Microsoft FGPP Azure Password Protection
Password expiration reminders Email, Balloon tip Balloon tip only N/A
Disallow part of current password Yes No N/A
Minimum number of changed characters Yes No N/A
Password length-based aging Yes No N/A

Other

Specops Microsoft FGPP Azure Password Protection
Dedicated password policy reporting tool Yes No No
Dynamic password policy display at password change Yes No N/A
NIST and NCSC password policy templates Yes No N/A
Customize end-user client failed password change message Yes No N/A

How does it work?

Specops Password Policy is built on the Group Policy engine in Active Directory and works in conjunction with existing password policy functions. It consists of the following components and does not require any additional servers or resources in your environment.

Administration Tools:

Configures the central aspects of the solution, and enables the creation of Specops Password Policy settings in GPOs.

Sentinel:

Verifies whether a new password matches the Specops Password Policy settings assigned to the user. The Sentinel is a password filter at the domain controllers.

Client (optional):

Displays the password policy rules when a user fails to meet the policy criteria when changing their password. Also notifies users when their passwords are about to expire.

What does it look like?

Administrator Experience

The password settings can be configured from the Group Policy Management Editor.

You can configure a password policy to use classic rules, or passphrases.

The Specops Password Auditor component scans and detects security related weaknesses, specifically related to password settings.

 

The collected information is used to display multiple interactive reports containing user and password policy information.

End-User Experience 

Specops Password Policy allows you to customize the messages users see beyond the standard Windows message.

 

The display options include showing the found dictionary word or the rules the user has passed and still needs to pass.

Dynamic feedback at password change means end users get feedback as they type their new password.

 

The better end-user feedback means happier users and fewer calls to the helpdesk.

Get a Demo of Specops Password Policy

Interested in seeing how Specops Password Policy and Breached Password Protection can work in your environment? Set up a demo or trial today.

  • Products
  • Resources
  • Support
  • Specops Software Blog
  • About
  • Contact Us
  • Twitter
  • Youtube
  • Linkedin
  • Instagram

© 2023 Specops Software. All rights reserved.

  • Privacy and Data Policy

This website uses cookies to ensure you get the best experience on our website. Learn more

Got It!