Password Policy Enforcement

Require users to choose hard-to-guess passwords, prevent password reuse and enforce regular password changes.

When users set a new password through Xpress Password, either via its web portal or by changing their password natively on a system that has been configured to trigger transparent synchronization, Xpress Password applies a site-defined set of password quality rules. Users cannot select a password that violates this policy.

The policy engine supports over 65 types of rules, including an unlimited-length password history, word and permutation checks against multiple dictionaries, and checks against the user ID and its permutations.

When using the Xpress Password web portal, the password policy rules are displayed on the screen where users are prompted to select a new password. If the chosen password violates any rule, the violations are listed on the next screen.

With transparent synchronization, password policy rules are not normally displayed, so that the native password change mechanism is left untouched. Password policy violations are instead reported to the user in several ways, including Windows pop-up messages, e-mail and output to the user's terminal session on Unix and z/OS systems.

A Global Policy

Xpress Password is designed to enforce a single password policy across all systems and to ensure that any new password is compatible with every integrated system. This gives users the clearest and most predictable experience. Xpress Password will not accept or propagate a password that fails this enterprise-wide policy. Every system imposes two types of password rules:

  • Complexity requirements ensure that users do not choose easy-to-guess passwords. Example rules: prohibiting any permutation of the user's login ID or of previous passwords, requiring a mix of letters and digits, rejecting dictionary words, and so on.
  • Character set and length limits on what can physically be stored in the password field of a given system.

A global password policy is normally built by collecting the strongest complexity requirements from each system covered by the policy and applying all of them together. Xpress Password then combines these with the most restrictive storage constraints found among those systems, so that any accepted password can be stored everywhere. The result compels users to choose strong passwords that are valid on every system.
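To make the composition rule concrete, the Python below is example code written for this page, not Xpress Password's implementation. It merges per-system constraints the way the paragraph above describes (strongest complexity rule wins, most restrictive length and character set wins) and then checks a candidate against the merged policy, including the user-ID, dictionary and history rules mentioned earlier. The three target systems and their limits, the dictionary words, the login ID and the function names (`compose_global_policy`, `check_password`) are all constructed for illustration and are not vendor data.

```python
# Added example (not Xpress Password code): compose a global password policy
# from per-system constraints and check a candidate against it. System limits,
# dictionary words and login IDs below are constructed for illustration.
import hashlib
import os
import string
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class SystemConstraints:
    name: str
    min_length: int
    max_length: int                 # longest value the password field stores
    allowed_chars: FrozenSet[str]   # characters the password field accepts
    require_digit: bool = False     # complexity rules the system itself enforces
    require_mixed_case: bool = False
    require_symbol: bool = False

@dataclass(frozen=True)
class GlobalPolicy:
    min_length: int
    max_length: int
    allowed_chars: FrozenSet[str]
    require_digit: bool
    require_mixed_case: bool
    require_symbol: bool
    dictionary: FrozenSet[str]
    history_depth: Optional[int]    # None means unlimited history

def compose_global_policy(systems, dictionary, history_depth=None):
    """Strongest complexity rule from any system applies everywhere; storage
    limits take the most restrictive value so the result fits every field."""
    min_len = max(s.min_length for s in systems)
    max_len = min(s.max_length for s in systems)
    if min_len > max_len:
        raise ValueError("no password length satisfies every system")
    return GlobalPolicy(
        min_length=min_len, max_length=max_len,
        allowed_chars=frozenset.intersection(*(s.allowed_chars for s in systems)),
        require_digit=any(s.require_digit for s in systems),
        require_mixed_case=any(s.require_mixed_case for s in systems),
        require_symbol=any(s.require_symbol for s in systems),
        dictionary=frozenset(w.lower() for w in dictionary),
        history_depth=history_depth)

# Undo common digit/symbol substitutions so 'P@ssw0rd' compares as 'password'.
_LEET = str.maketrans("01345@$!", "oleasasi")

def _normalize(text):
    return "".join(c for c in text.lower().translate(_LEET) if c.isalpha())

def history_entry(password):
    """History is kept as salted SHA-256 digests, never as plaintext."""
    salt = os.urandom(16)
    return salt, hashlib.sha256(salt + password.encode()).digest()

def _in_history(candidate, history, depth):
    recent = history if depth is None else (history[-depth:] if depth > 0 else [])
    return any(hashlib.sha256(salt + candidate.encode()).digest() == digest
               for salt, digest in recent)

def check_password(candidate, login, history, policy):
    """Return the list of violated rules; an empty list means accepted."""
    violations = []
    if not policy.min_length <= len(candidate) <= policy.max_length:
        violations.append(f"length must be {policy.min_length} to "
                          f"{policy.max_length} characters")
    bad = set(candidate) - policy.allowed_chars
    if bad:
        violations.append("not storable on every system: " + "".join(sorted(bad)))
    if policy.require_digit and not any(c.isdigit() for c in candidate):
        violations.append("must contain a digit")
    if policy.require_mixed_case and not (any(c.islower() for c in candidate)
                                          and any(c.isupper() for c in candidate)):
        violations.append("must mix upper and lower case")
    if policy.require_symbol and not any(c in string.punctuation for c in candidate):
        violations.append("must contain a symbol")
    norm, login_norm = _normalize(candidate), _normalize(login)
    if login_norm and (login_norm in norm or login_norm[::-1] in norm):
        violations.append("must not contain the login ID or its reverse")
    if any(len(w) >= 4 and w in norm for w in policy.dictionary):
        violations.append("must not contain a dictionary word")
    if _in_history(candidate, history, policy.history_depth):
        violations.append("must not reuse a previous password")
    return violations

# Constructed example systems; the limits are illustrative, not vendor data.
SYSTEMS = [
    SystemConstraints("directory", 8, 127, frozenset(string.printable.strip()),
                      require_digit=True, require_mixed_case=True),
    SystemConstraints("mainframe", 6, 8,
                      frozenset(string.ascii_letters + string.digits + "@#$")),
    SystemConstraints("unix", 8, 64, frozenset(string.printable.strip()),
                      require_symbol=True),
]
POLICY = compose_global_policy(SYSTEMS, ["password", "welcome", "secret", "summer"])

if __name__ == "__main__":
    history = [history_entry("Xq7$mR2v")]
    for pw in ["Xq7$mR2v", "P@ssw0rd", "Jsmith9$", "Kd4#pL8w"]:
        print(pw, check_password(pw, "jsmith", history, POLICY) or "accepted")
```

With these constructed systems the merged policy is exactly 8 characters long (the mainframe's ceiling meets the other systems' 8-character floor) and allows only letters, digits and `@#$`, while still demanding a digit, mixed case and a symbol. Two design points are worth noting. First, if one system's minimum exceeds another's maximum there is no valid global password at all, and the example refuses to build a policy rather than silently producing one that some system would reject. Second, because the example stores history as salted digests, it can reject an exact reuse of an old password but cannot detect permutations of one; a policy that checks permutations of previous passwords has to keep something reversible or precompute the variants at change time, which is a trade-off to weigh against the hash-only storage shown here.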

A less user-friendly alternative is to define different password policies for each target system or for groups of target systems. To change their passwords, users must then select a system, choose a password, wait for the update to complete, select another system, choose and enter a different password, and so on. Users must remember multiple passwords and will experience more password-related problems. There is strong evidence that users with many passwords tend to write them down.