Password security best practices in PowerShell
According to the 2019 Data Breach Investigations Report by Verizon, stolen credentials are the major cause of data breaches. To safeguard passwords from cyberattacks such as brute-force and password-spray attacks, compliance guidelines such as those from NIST define password security rules to ensure password complexity.
A brief summary of the 2019 NIST password security guidelines:
- Passwords should have a minimum length of eight characters and a maximum length of sixty-four characters.
- Permit the usage of printable ASCII characters (including spaces), and Unicode characters.
- Blacklist commonly used words, dictionary words, and breached passwords.
- Restrict the use of repetitive or keyboard sequences.
- Offer guidance, such as a password strength meter, to help users choose a strong password.
- Enforce account lockouts after ten failed authentication attempts.
- Enforce two-factor authentication (2FA) with advanced authentication techniques like Google or Microsoft Authenticator.
All of the above rules can be enforced for both on-premises and cloud users using ADSelfService Plus, the self-service password management and single sign-on solution. However, doing the same with PowerShell is highly complex.
With PowerShell
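The following is an added example, not a script from the original page or from ADSelfService Plus. It checks a candidate password against three of the rules summarized above: the eight to sixty-four character length, a blocklist, and repetitive or keyboard sequences. The function name, parameters, blocklist and sequence list are assumptions made up for illustration.

```powershell
# Added example. Test-PasswordPolicy, its parameters and the word lists are constructed
# for illustration; a real blocklist would be a breached-password corpus, not four words.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)][string]$Password,   # plain string only for this demonstration
        [string[]]$Blocklist    = @('password', 'welcome', 'letmein', 'admin'),
        [string[]]$KeyboardRuns = @('qwerty', 'asdfgh', 'zxcvbn', '1qaz2wsx'),
        [int]$MinLength   = 8,
        [int]$MaxLength   = 64,
        [int]$MaxRepeat   = 2,   # longest allowed run of one repeated character
        [int]$MaxSequence = 3    # longest allowed ascending or descending run
    )
    $violations = [System.Collections.Generic.List[string]]::new()
    $lower = $Password.ToLowerInvariant()

    # Count text elements so a Unicode character with combining marks counts once.
    $length = [System.Globalization.StringInfo]::new($Password).LengthInTextElements
    if ($length -lt $MinLength) { $violations.Add("shorter than $MinLength characters") }
    if ($length -gt $MaxLength) { $violations.Add("longer than $MaxLength characters") }

    foreach ($word in $Blocklist) {
        if ($lower.Contains($word)) { $violations.Add("contains blocklisted word '$word'") }
    }
    foreach ($run in $KeyboardRuns) {
        if ($lower.Contains($run)) { $violations.Add("contains keyboard sequence '$run'") }
    }

    # Repetition: one character followed by $MaxRepeat or more copies of itself.
    if ($lower -match "(.)\1{$MaxRepeat,}") { $violations.Add("repeats '$($Matches[1])' too many times") }

    # Sequences such as 'abcd' or '4321': adjacent code points stepping by +1 or -1.
    $up = 1; $down = 1
    for ($i = 1; $i -lt $lower.Length; $i++) {
        $step = [int]$lower[$i] - [int]$lower[$i - 1]
        $up   = if ($step -eq 1)  { $up + 1 }   else { 1 }
        $down = if ($step -eq -1) { $down + 1 } else { 1 }
        if ($up -gt $MaxSequence -or $down -gt $MaxSequence) {
            $violations.Add("contains a sequential run longer than $MaxSequence"); break
        }
    }

    [pscustomobject]@{ Compliant = ($violations.Count -eq 0); Violations = $violations.ToArray() }
}

# Constructed sample inputs.
'Qwerty2019!', 'aaaa-bbbb-cccc', 'correct horse battery staple' | ForEach-Object {
    $r = Test-PasswordPolicy -Password $_; "{0,-30} {1} {2}" -f $_, $r.Compliant, ($r.Violations -join '; ') }
```

The check only evaluates a candidate password; it does not enforce anything in Active Directory, and the lockout and two-factor rules in the summary are outside its scope.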
With ADSelfService Plus
- Configure a password policy with advanced settings via the Password Policy Enforcer
- Go to ADSelfService Plus admin portal.
- Navigate to Configuration > Self-Service > Password Policy Enforcer.
- Enable Enforce Custom Password Policy.
- Ban leaked or weak passwords, keyboard sequences, and palindromes.
- Restrict consecutively repeated characters from the username or old password, as well as common character types at the beginning or end of the passwords.
- Allow users to use Unicode characters in their passwords.
- Display a password strength meter when users change or reset their AD passwords.
- Enforce passphrases.
- Click Save.
- Advanced password policy controls:
Ensures users use strong passwords by banning breached passwords, keyboard sequences, and more.
- Improves IT security:
Supports advanced multi-factor authentication techniques like biometrics and YubiKey to secure self-service password resets and account unlocks.
- Password policy for hybrid AD enforcement:
Admins can enforce custom password policies for users' Active Directory and cloud accounts.
- Compliance: