Enforce better cloud security with granular password policies

Tougher password policies are the stepping stones to ensuring password security and saving your users from getting hacked. If your users are safe, then your organization is safe, too. Almost all cloud applications have some sort of password policy controls to secure passwords. The exact password policy rules may vary from one application to another, but they all have one thing in common—they're too frail. The password policies currently implemented by many service providers don’t stand a chance against the sophisticated password cracking methods that hackers use nowadays. Recent cyber attacks are proof of this.

So, how can you improve your cloud applications' security? ADSelfService Plus can help.

How it works

ADSelfService Plus comes with a granular password policy enforcer feature, which enforces strong password policy controls seamlessly across multiple cloud applications. The password synchronization feature in ADSelfService Plus makes sure that user accounts across both cloud applications and on-premises systems are safeguarded by the same robust password policy controls.

Advanced password policy rules for heightened security

ADSelfService Plus has a number of password policy rules that are not natively available in many cloud applications. These rules are specifically designed to protect against some of the most common password attack methods used by hackers, including dictionary attacks, rainbow table attacks, and brute force attacks. ADSelfService Plus' password policy rules include:

• Dictionary rule: Block passwords that contain entries from both language dictionaries and hacker dictionaries.
• Keyboard patterns: Reject common keyboard patterns such as QWERTY, 12345, ASDFGH, etc.
• Repeating patterns: Ban passwords containing characters that are repeated consecutively, consecutive characters from usernames, and palindromes.
• Multiple complexity enhancements: Enforce both lowercase and uppercase letters, specify the exact number of special characters and digits required, make Unicode characters mandatory, make starting passwords with a letter mandatory, and more.
• Passphrases support: A passphrase is longer than a password and contains spaces in between words. Unlike regular passwords, they're much easier to remember and much harder to hack. With ADSelfService Plus, you can enable passphrases for cloud applications.
• Password history check for password resets: Prevent users from circumventing the minimum password age and using their old passwords during password resets. By default, password history checks are only done when users change their password. ADSelfService Plus checks for password history during password resets, too.

Centralized password policy management for multiple cloud applications

With ADSelfService Plus, you can create and manage password policies for multiple cloud applications from a centralized console. There's no need to jump between multiple cloud applications every time your organization's IT security policy changes. ADSelfService Plus helps you configure and enforce a strong password policy across multiple cloud applications from a single window.

Integration with Active Directory password policy

ADSelfService Plus' password policy enforcer can be applied to users’ on-premises accounts, too, including Windows Active Directory, IBM iSeries, Oracle Database, and HP UX. The password policy rules configured in ADSelfService Plus take effect even during password resets done by administrators using native tools such as the Active Directory Users and Computers (ADUC) console. By extending the granular password policy controls that govern Active Directory to cloud applications, you can make sure that the passwords for all accounts have the same complexity rules, expiration dates, etc. This makes password management easier for both end users and administrators, and reduces password-related issues to a great extent.

Convenient custom password policy messages

ADSelfService Plus can also replace the obscure password policy rules displayed during change password operations on the Ctrl+Alt+Del screen. By default, Windows doesn't specifically define which rules a user's password fails to comply with. ADSelfService Plus can display the correct password requirements to end users, including the exact number of special characters, numbers, lower case letters, etc. This helps users easily pick a strong password on their first try.

Enforce different policies for different users, granularly

Another advantage of extending AD password policy controls to cloud applications is that it allows you to cover privileged accounts with tighter password policies and implement a somewhat lenient password policy for normal user accounts. You can use the built-in organization units and groups in Windows Active Directory to apply password policies to users’ cloud accounts. This helps you keep the number of password reset help desk tickets in check.