ManageEngine, the real-time IT management company, today announced the addition of the password policy enforcer in ADSelfService Plus, its integrated self-service password management and single sign-on solution. Available immediately, the new feature gives IT admins eight new advanced password policy rules to improve password security and ward off hackers. It also lets admins create multiple password policies for a single Active Directory domain and assign them to groups and organizational units (OUs) separately.
The basic Windows password policy controls have not changed since Windows Server 2000. Meanwhile, hackers have found sophisticated methods to crack passwords and breach security at companies such as Sony, LinkedIn and Yahoo. Using a single group policy-based password policy for the entire domain burdens all users, regardless of their network privileges, with complex passwords that are difficult to remember or with weak passwords that are prone to attack. Even the fine-grained password policies introduced in Windows Server 2008 fail to provide additional security measures and cannot be applied to OUs in Active Directory.
"Compared to Windows native policies, the advanced password policies that admins can create in ADSelfService Plus are far more secure and can be enforced on groups and OUs, making it easy to strike a balance between security and usability," said Parthiban Paramsivam, director of product management for ADSelfService Plus at ManageEngine. "By enabling the password synchronization feature, both the on-premises Active Directory and the cloud applications can be safeguarded by a centralized password policy."
New Rules for Improved Password Security
The ADSelfService Plus password policy enforcer feature is designed to protect users against the most common attack methods, such as dictionary attacks, brute force attacks, pattern attacks and rainbow table attacks. Following are the highlights of the new feature:
- Dictionary rule: Blocks passwords that contain entries from both language dictionaries and hacker dictionaries.
- Keyboard patterns: Forbids the usage of common keyboard patterns such as QWERTY, 12345, ASDFGH, etc.
- Repeating patterns: Bans passwords containing characters that are repeated consecutively, consecutive characters from username and old password, and palindromes.
- Multiple complexity enhancements: Allows IT admins to enforce both lowercase and uppercase letters, specify the exact number of special characters and digits required, make Unicode characters mandatory, and more.
- Implement policy on Ctrl + Alt + Del screen: Enforces ADSelfService password policies when users change their passwords through the Ctrl + Alt + Del screen and when admins reset users' passwords from within the Active Directory Users and Computers console.
- Display password requirements to end users: Helps users create a compliant password by displaying the exact password policy requirements; shows password rules during self-password reset in the self-service portal and during password change on the Ctrl + Alt + Del screen.
IT admins can also use ADSelfService Plus to govern user accounts in Windows Active Directory, Office 365, Google Apps, Salesforce and other cloud applications with a single password policy. Now, when users log on to cloud applications, they are free to choose a weaker password because the password policy controls in Active Directory do not automatically apply. With the password synchronization feature in ADSelfService Plus, IT admins can bring various cloud applications under the purview of the granular password policy they have enabled for Active Directory domains. ADSelfService Plus can notify users of password expiration well in advance and ensure passwords are updated in a timely manner.
Pricing and Availability
ADSelfService Plus pricing starts at $595 per year for 500 users. A fully functional, 30-day trial version is available at https://www.manageengine.com/products/self-service-password/download.html.