Password Firewall for Windows

Solution Information

The built-in Password Policy in Windows is just not good enough!
Windows has a built-in password policy feature that is commonly utilized to enforce strong passwords in Active Directory, but unfortunately it is just not good enough. Group Policy can enforce a minimum password length, minimum and maximum password ages, and some levels of complexity. But even with these options, millions of hackable passwords still get used. That is where Password Firewall for Windows fits in!

IT gets strong passwords, Users get to keep their passwords
Let’s be honest, passwords are a problem! IT complains that users pick bad passwords, but users complain they have to change their passwords too frequently. Adding Password Firewall to your Active Directory ensures that the passwords your users choose are strong. This means you can stop forcing users to change their passwords so frequently.

No Complicated Password Rules to Manage
Other products make you create complicated password rules, which means you have to keep abreast of the ever-changing patterns that equate to bad passwords. Password Firewall is an extension of the built-in Windows password policy and acts as a catch-all for bad passwords that would otherwise meet the basic complexity settings in Windows. We handle knowing what types of passwords are bad and managing the blacklist. You just install Password Firewall and we do the rest!

Custom Blacklisted Passwords
Password Firewall for Windows supports custom blacklisted passwords. This is great for stopping your company name or slogan from being used as a password, since these would be common guesses for attackers. Even better, you can deny the use of passwords previously used on administrative accounts after an IT worker leaves the company.

Layers of Security
Password Firewall was designed with security first. Passwords are captured via the standard mechanism provided by Windows, then salted and hashed 30,000 times with the industry-standard PBKDF2 algorithm before being sent to the Password RBL API. Furthermore, all communications with the API are secured with TLS connections and can be anonymous, too.

Source-Available
Any software solution that deals in security, especially password security, should be able to show the source code without impacting the security of the solution. The source code for Password Firewall is available for download so you can verify that passwords are properly treated and the solution meets your company’s security requirements.

Deploying Password Firewall

Lightweight Solution
Password Firewall uses only functionality built into Windows – from the API used to capture password change events to the PowerShell used for client-side processing. This keeps the prerequisites to a minimum. There are no extra installations needed to support Password Firewall and no background service. The Password Firewall code is called only during a password change event. And there’s nothing new for your helpdesk staff or end-users to learn. Password Firewall simply extends the existing password changing facilities built into Windows.