Real-time Password Blacklist

Password

Prevent bad passwords before they happen!

The built-in Password Policy in Windows is just not good enough!

Windows has a built-in password policy feature that is commonly utilized to enforce strong passwords in Active Directory, but unfortunately it is just not good enough.  Group Policy can enforce a minimum password length, minimum and maximum password ages, and some levels of complexity.  But even with these options, millions of hackable passwords still get used.  That is where Password Firewall for Windows fits in!


IT gets strong passwords, Users get to keep their passwords

Let's be honest, passwords are a problem!  IT complains that users pick bad passwords, but users complain they have to change their passwords too frequently.  Adding Password Firewall to your Active Directory ensures that the passwords your users choose are strong.  This means you can stop forcing users to change their passwords so frequently.


No Complicated Password Rules to Manage

Other products make you create complex password complexity rules, which means you have to keep abreast of the every-changing patterns that equate to bad passwords.  Password Firewall is an extension of the built-in Windows password policy and acts as a catch-all for bad passwords that would otherwise meet the basic complexity settings in Windows.  We handle knowing what types of passwords are bad and managing the blacklist.  You just install Password Firewall and we do the rest!


Custom Blacklisted Passwords

Password Firewall for Windows supports custom blacklisted passwords.  This is great for stopping your company name or slogan from being used as a password, since these would be common guesses for attackers.  Or, even better, deny the use of previously utilized passwords of administrative accounts after an IT worker leaves the company. 


Layers of Security

Password Firewall was designed with security first.  Passwords are captured via the standard mechanism provided by Windows, then salted and hashed 30,000 times with the industry standard PBKDF2 algorithm before being sent to the Password RBL API, where they undergo over 10,000 more rounds of hashing before being queried against the Password RBL database.  Furthermore, all communications with the API are secured with TLS connections and can be anonymous, too.


Source-Available

Any software solution that deals in security, especially password security, should be able to show the source code without impacting the security of the solution.  The source code for Password Firewall is available for download so you can verify that passwords are properly treated and the solution meets your company's security requirements.


Lightweight Solution

Password Firewall uses all built-in functionality from Windows - from the API used to capture password change events, to utilizing PowerShell for the client-side processing.  This keeps the pre-requisites to a minimum.  There are no extra installations needed to support Password Firewall and no background service.  The Password Firewall code is called only during a password change event.  And there's nothing new for your helpdesk staff or end-users to learn.  Password Firewall simply extends the existing password changing facilities built-in to Windows.

 

Password Firewall is password blacklist for Active Directory

 

Microsoft's Active Directory is the standard directory authentication system for business networks worldwide.  But it doesn't only provide authentication for Windows networks.  Many third-party software packages utilize Active Directory for authentication and authorization.  This is why AD needs strong passwords.  But the built-in password policy is just not good enough.  Password Firewall ensures chosen passwords are strong by checking them against the Password RBL blacklist before allowing them on your network.

What is

Password Firewall

how to

subscribe

It's easy!


The sign up process is simple and straight-forward.  Just browse to our subscribe page.  You pick the package that matches your needs or request a custom quote.  Then fill out a short registration form which will provide us the necessary information about your AD server(s), domains, and/or IP addresses - and you're done!  No credit card is required to get started and every new subscription gets a free trial.