nFront Password Filter Settings vs. Windows Server 2022 Password Settings (and Server 2019, 2016, 2012, and 2008)
Below you can see the advantages and flexibility of nFront Password Filter.
| Password Policy Setting | Windows 2022/2019/2016 | nFront Password Filter |
| --- | --- | --- |
| Minimum Password Length (in characters) | Yes, but you cannot set the min to 15+ chars. | YES, you can set the min. length from 1 to 256 characters. |
| Maximum Password Length (in characters) | | YES |
| Reject passwords that don't contain at least <value> of the following character types | 3 character types only** | 1-4 character types |
| Ability to set min/max numeric characters in password. | | YES |
| Ability to set min/max upper case characters in password. | | YES |
| Ability to set min/max lower case characters in password. | | YES |
| Ability to set min/max special characters in password | | YES |
| Ability to require spaces (for passphrases) | | YES |
| Ability to limit the use of only a specific set of special characters (useful for ensuring mainframe password compatibility). | | YES |
| Reject passwords that do not meet SAP rules | | YES |
| Reject passwords that contain vowels (a,e,i,o,u,y) | | YES |
| Reject passwords that contain 2 consecutive identical characters | | YES |
| Reject passwords that begin with a number. | | YES |
| Reject passwords that end with a number. | | YES |
| Reject passwords that begin with a special character. | | YES |
| Reject passwords that end with a special character. | | YES |
| Reject passwords that contain the username. | yes** | YES |
| Reject passwords that contain any part of the user's full name. | yes** | YES |
| Ability to check password against known breached passwords | | YES |
| Ability to check password against a customizable dictionary of common passwords | | YES |
| Ability to check password against common character substitutions for dictionary words (like pa$$word) | | YES |
| Ability to skip dictionary checking for longer passwords (great setting for enforcing passphrases without sacrificing complexity of short passwords). | | YES |
| Support for multiple password policies in the same domain | yes* | Up to 10 |
* The policies still maintain the basic criteria of min length, min/max age and history. There is no GUI to administer fine-grained policies.
** Windows Settings allow only a hard-coded “complexity” setting which requires:
- Passwords contain 3 of 4 character sets (upper, lower, numeric and special sets)
- Password cannot contain userid
- Password cannot contain any part of user’s full name.
This “complexity” setting is hard-coded into the operating system and is not flexible. It is either turned off or on.