Security requires us to ban commonly hacked phrases/words from being used in passwords. We use the Disallowed Values in the Password Policy section within SSPR. This method is not as convenient as wordlists but we need the partial match functionality.

Security wants us to ban all iterations of a word, meaning that $ is sometimes substituted for S, @ for a, etc. There is no easy way to do this besides entering every possible combination. I have a feeling that doing so would eventually blow out the SSPRConfiguration.xml.

We would like a configuration that allows SSPR to automatically perform character substitutions.

For example, if we have password on our disallowed list, we would like SSPR to block password, p@ssword, passw0rd, p@ssw0rd, etc.
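One way to get the effect described above without listing every combination is to fold common substitutions back to their base letters in both the candidate password and each disallowed word, then do the partial match on the folded strings. The following is an added example, not SSPR code or configuration; the substitution map and the sample disallowed list are constructed for illustration.

```python
# Added example (not SSPR's own code): fold leetspeak-style substitutions
# back to base letters, then do a partial (substring) match against the
# disallowed list. Both sides are folded, so ambiguous substitutions such
# as "1" (i or l) are handled by mapping i, l and 1 to one class.

# Assumed substitution map; extend it as the policy requires.
SUBSTITUTIONS = {
    "@": "a", "4": "a",
    "8": "b",
    "3": "e",
    "6": "g", "9": "g",
    "1": "i", "!": "i", "|": "i", "l": "i",
    "0": "o",
    "$": "s", "5": "s",
    "7": "t", "+": "t",
    "2": "z",
}

# Constructed sample of a disallowed-values list.
DISALLOWED = ["password", "welcome", "companyname"]


def normalize(text):
    """Lower-case the text and fold substituted characters to base letters."""
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in text.lower())


def disallowed_match(candidate, disallowed=DISALLOWED):
    """Return the disallowed word found inside the folded candidate, else None.

    Partial match: the folded disallowed word may appear anywhere in the
    folded candidate, so 'MyP@ssw0rd2024' is still rejected.
    """
    folded = normalize(candidate)
    for word in disallowed:
        if normalize(word) in folded:
            return word
    return None


if __name__ == "__main__":
    for pw in ["P@ssw0rd!2024", "MyW3lc0me", "Tr0ub4dor&3"]:
        print(pw, "->", disallowed_match(pw))
```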
