nFront Password Filter Settings vs. Windows Server 2022 Password Settings (and Server 2019, 2016, 2012, and 2008)

Below you can see the advantages and felxibility nFront Password Filter.

Password Policy Setting: Windows 2022/2019/2016 nFront Password Filter
Minimum Password Length (in characters) Yes, but you cannot set the min to 15+ chars. YES, you can set the min. length from 1 to 256 characters.
Maximum Password Length (in characters)   YES
Reject passwords that don't contain at least <value> of the following character types 3 character types only** 1-4 character types
Ability to set min/max numeric characters in password.   YES
Ability to set min/max upper case characters in password.   YES
Ability to set min/max lower case characters in password.   YES
Ability to set min/max special characters in password   YES
Ability to require spaces (for passphrases)   YES
Ability to limit the use of only a specific set of special characters (useful for ensuring mainframe password compatibility).   YES
Reject passwords that do not meet SAP rules   YES
Reject passwords that contain vowels (a,e,i,o,u,y)   YES
Reject passwords that contain 2 consecutive identical characters   YES
Reject passwords that begin with a number.   YES
Reject passwords that end with a number.   YES
Reject passwords that begin with a special character.   YES
Reject passwords that end with a special character.   YES
Reject passwords that contain the username. yes** YES
Reject passwords that contain any part of the user's full name. yes** YES
Ability to check password against known breached passwords   YES
Ability to check password against a customizable dictionary of common passwords   YES
Ability to check password against common character substitutions for dictionary words (like pa$$word)   YES
Ability to skip dictionary checking for longer passwords (great setting for enforcing passphrases without sacrificing complexity of short passwords).   YES
Support for multiple password policies in the same domain yes* Up to 10

*The policies still maintain the basic criteria of min length, min/max age and history. There is no GUI to administer fine grained policies.

** Windows Settings allow only a hard-coded “complexity” setting which requires:

  • Passwords contain 3 of 4 character sets (upper, lower, numeric and special sets)
  • Password cannot contain userid
  • Password cannot contain any part of user’s full name.

This “complexity” setting is hard-coded into the operating system and is not flexible. It is either turned off or on.