Using a Banned Passwords dictionary in a password policy

Christopher Dakin

LogonBox has the ability to check a local dictionary of 100,000 commonly used passwords when a user is resetting their password.

This article will detail how to use this in conjunction with a password policy override.


Overriding a Password Policy

Navigate to Users & Permissions->Password Policies, which lists the existing password policies in use.

For example, if you are using AD you will see the Default Domain Policy here, along with any Fine Grained Password Policies you might have.

We can override any of these policies as long as we choose a stronger policy. In this example we will keep the same settings as the Default Domain Policy but add dictionary checking.

Next to the Default Domain Policy, click the Copy button. The copy contains all of the settings from the policy it was copied from, so just click the Policy tab and turn off Contain Banned Passwords.

Click Update to create the new policy.


Now click the Edit button next to the newly created copy.

We can now rename this policy to something more appropriate, such as Default Domain plus dictionary.

Finally we need to assign this to a set of users. Click the Assignment tab.

Here you can assign the policy directly to users and groups, but we will assign it to everyone by using the default Everyone role.

In Roles, start typing Everyone and select it when it appears.


Click Update. Your new policy will now be used for all users.


When a user resets their password now, they will be presented with the new policy and informed that the password must not contain any banned passwords.
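To show what the combined policy actually enforces, here is an added example of the check in Python. It is not LogonBox's code: the banned list is a constructed five-entry sample standing in for the 100,000-entry dictionary, and the minimum length and "three of four character classes" rules are assumed from the usual Windows Default Domain Policy defaults, so adjust them to match your own policy.

```python
import re

# Constructed sample of banned entries; the real dictionary has ~100,000.
BANNED = ["password", "123456", "qwerty", "letmein", "welcome"]

# Assumed Default Domain Policy defaults: 7 characters minimum and at least
# 3 of the 4 character classes below. Change these to match your policy.
MIN_LENGTH = 7
CLASSES = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]


def find_banned(candidate, banned=BANNED):
    """Return the first banned entry contained in candidate, ignoring case.

    The policy says the password must not *contain* a banned password, so this
    is a substring test, not an exact match: 'Welcome2024!' still fails.
    """
    lowered = candidate.lower()
    for entry in banned:
        if entry.lower() in lowered:
            return entry
    return None


def check_password(candidate, banned=BANNED):
    """Evaluate candidate against the 'Default Domain plus dictionary' policy.

    Returns a list of violations; an empty list means the password is accepted.
    """
    violations = []
    if len(candidate) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    present = sum(1 for pattern in CLASSES if re.search(pattern, candidate))
    if present < 3:
        violations.append("uses fewer than 3 of the 4 character classes")
    hit = find_banned(candidate, banned)
    if hit is not None:
        violations.append(f"contains banned password '{hit}'")
    return violations


if __name__ == "__main__":
    for pw in ["Welcome2024!", "Xk9#pL2v", "abc"]:
        print(pw, "->", check_password(pw) or "accepted")
```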


Viewing the Banned Password dictionary

If you wish to see what passwords exist in the Banned Passwords dictionary, navigate to Banned Passwords in the left menu in the Business Rules section.


You can use the Search field to look for specific passwords, or you can scroll through the list, but note that there are 100,000 passwords by default.