nFront Password Filter Benefits

Proactive, NOT Reactive

nFront Password Filter rejects non-compliant passwords before they are allowed on your network. Gone are the days of running a password cracker nightly to see if key accounts can be cracked.

No Single Point of Failure

Each Domain Controller runs nFront Password Filter and there are NO API CALLS THAT LEAVE THE DOMAIN CONTROLLER! Thus, there is no dependency on other "password policy servers." When the T1 to corporate is down, any local DC can filter the password change and support the nFront Password Filter Clients. Competing solutions rely on "password policy servers" so they subject the password change process to network latency and do not guarantee the passwords are filtered if the "password policy server" is not reachable. With other solutions, be sure to read the disclaimers and micetype.

Simple Group Policy Control

Notice that with other products you have to load their snap-in or executable on your system to control policy settings. nFront Password Filter uses a Group Policy and requires only that you load the provided ADM or ADMX template one time on 1 domain controller. From there, the GPO replicates and can be administered from any domain controller and workstation using Active Directory Users and Computers or the Group Policy Management Console.

Ease of Use - GPO Control done right

nFront Password Filter is controlled via Group Policy. No fancy front ends. No pretty MMC snap-ins to forget to load. Simply create a new GPO, load our template file and it replicates to ALL domain controllers. You can then manage from any domain controller or workstation where you run GPMC. Within the GPO you can link each policy to one or more security groups or OUs. Competitors allow you to put password policy GPOs all over the place. If you have ever had to troubleshoot GPO issues with RSoP and other tools you know it is not fun. With nFront Password Filter, all policy configurations are controlled from one single GPO. The application of the policies to groups/OUs works just like NTFS permissions. Nothing could be simpler and easier to troubleshoot or maintain.

No Reboots to upgrade

nFront Password Filter allows you to dynamically upgrade the filtering engine and supporting services without rebooting your domain controllers.

Very Fast Filtering Engine

Our filtering engine has been tested by a Fortune 100 customer with over 11,000 password changes per minute. If it can handle that volume, it should surely spend most of its time sleeping on your network.

Easily customized dictionary

Competitors use cumbersome GUI tools to manipulate the dictionary "wordlists." nFront Password Filter gives you full control and allows you to directly edit the dictionary.txt file in any editor (like Notepad). You can even add words from different languages and mix words of different languages. We have many worldwide customers who use many languages in the dictionary file. We also have many customers which use the dictionary to block keywords disallowed by applications like SAP and Peoplesoft.

Very fast dictionary check

We can scan a new password against over 5 million words in less than a single second. So now you can take all those hacking wordlists and throw them into our dictionary file.


We have many Fortune 100 customers and several with over 200,000 users.