Password Firewall Blocks Keyboard Patterns

Password RBL has released the next version of Password Firewall. This is version 7.10, which builds upon the solid foundation of previous versions and adds a new feature that has been requested numerous times by customers and prospects. Password Firewall now blocks common keyboard patterns in password choices even if the exact password permutation that includes the pattern is not blacklisted. We have also included a few safeguards so Password Firewall doesn’t make choosing a new password overly burdensome on users. Continue reading for details of how it works.

Blocking the Most Common Patterns

Password Firewall v7.10 blocks the most common keyboard-based patterns. Examples include “qwerty”, “zxcvbn”, “qazwsx”, etc. The matching is not case sensitive, so Password Firewall will catch most uses of these patterns as part of password choices. If a match is found, Password Firewall will block the password choice without needing to perform the blacklist query. But we don’t want to deny just any password that happens to include one of these keyboard patterns. That is where our safeguards apply.

 

Safeguards

Not all passwords containing a keyboard pattern are of poor quality. Qwerty12345 is certainly a bad choice. After all, it is in our curated blacklist and commonly tops the Worst Passwords of the Year lists. But a randomly generated 30-character password that happens to include a case-insensitive match for “qazwsx” is likely still a plenty secure password, due to its length and randomness. Because of this, Password Firewall includes length as a safeguard to keyboard pattern matching. If a password choice that matches a common keyboard pattern is not significantly longer than the pattern itself, then Password Firewall will block the password choice. Generally, since the keyboard patterns are short (5-6 characters), the password choice will need to be at least 15 characters in length to be exempted from the pattern-based matching.

But we also include a safeguard to the safeguard.   Before granting an exemption to the pattern matching based upon password length, an additional check is done to make sure the end-user has also included some non-pattern characters in their password choice.  This prevents “clever” password choices based upon keyboard patterns from being exempted just because overall length is good.  This is best understood by example:  “aE8QazWSx72-8uNn3vPR” would be exempted from pattern matching but “QAZ2WSXqaz2wsxQAZ2WSX” would not.

 

Blacklisting Still Applies

It’s important to remember that once a password choice makes it past the keyboard pattern matching check, blacklist checks still apply. “Qwerty12345password” might make it past the pattern check, but it’s still a blacklisted password.
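The order of checks described above can be sketched as follows. This is an added example, not Password Firewall's code: the pattern list (including "qaz2wsx"), the 8-character non-pattern threshold, the case-insensitive blacklist lookup and the sample blacklist are assumptions, and only the 15-character length figure comes from this page.

```python
import re

# Assumed pattern list: the first three are named on the page; "qaz2wsx" is
# an assumption added so the page's "QAZ2WSX..." example matches a pattern.
PATTERNS = ("qwerty", "zxcvbn", "qazwsx", "qaz2wsx")
MIN_EXEMPT_LENGTH = 15      # from the page: "at least 15 characters"
MIN_NON_PATTERN_CHARS = 8   # assumed value for "some non-pattern characters"

# Constructed stand-in for the real blacklist query (lowercased entries).
SAMPLE_BLACKLIST = {"qwerty12345", "qwerty12345password"}

# One case-insensitive regex covering every pattern.
_PATTERN_RE = re.compile("|".join(re.escape(p) for p in PATTERNS), re.IGNORECASE)


def check_password(candidate, blacklist=SAMPLE_BLACKLIST):
    """Return (allowed, reason), applying the checks in the order described."""
    if _PATTERN_RE.search(candidate):
        # Safeguard 1: a password that is not much longer than the pattern
        # is blocked outright, with no blacklist query needed.
        if len(candidate) < MIN_EXEMPT_LENGTH:
            return False, "keyboard-pattern"
        # Safeguard 2: remove every pattern occurrence and count what is
        # left, so long passwords built only from patterns get no exemption.
        residue = _PATTERN_RE.sub("", candidate)
        if len(residue) < MIN_NON_PATTERN_CHARS:
            return False, "keyboard-pattern"
    # An exemption from pattern matching never skips the blacklist check.
    if candidate.lower() in blacklist:
        return False, "blacklisted"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("Qwerty12345", "aE8QazWSx72-8uNn3vPR",
               "QAZ2WSXqaz2wsxQAZ2WSX", "Qwerty12345password"):
        print(pw, check_password(pw))
```
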

 

Upgrade Today

Password Firewall v7.10 is available for download now.  Upgrades are easy, but you have to be running v7.10 (or later) to gain this additional protection.