This topic might seem to alarm you since the fate of your company will be placed in the hands of your employees. When I talk to many prospective customers of nFront Security, I hear the common problem of end-users selecting the company name, seasons (Summer, Winter, Fall, and/or Spring), months (January, February, March, etc.), or even the word password as their password. Therefore, the idea of giving end-users the choice of their own passwords would seem like a horrible decision. We agree! That’s why we set boundaries.
We have created two different options for IT Administrators to safely put passwords in the hands of their end-users without the threat of being hacked.
Do keep in mind that with the use of the nFront Password Filter, end-user passwords will be subject to dictionary checking. The dictionary is 100% customizable by your company and can be as restrictive as you set it to be.
The first option is through the Stanford Password Policy. In April of 2014, Stanford University created a unique way for their end-users to create passwords. The end-users now have control over the password complexity requirements based on the length of passwords they select. Shorter passwords will require more character types and longer passwords will require fewer character types. This concept is now called the Stanford Password Policy and has specific requirements.
Here is how the Stanford Password Policy is structured:
- 8-11 character passwords require the use of upper case, lower case, numeric, and special characters
- 12-15 character passwords require the use of upper case, lower case, and numeric characters
- 16-19 character passwords require upper and lower case characters
- 20+ character passwords only require lower case characters
With the nFront Password Filter, you may enforce the Stanford Password Policy with one easy step. All that is needed is to select the option for “Enforce Stanford Password Policy” as seen in the image below:
The second option is through Length-Based Password Aging. Length-Based Password Aging allows you to enforce different maximum password ages for different lengths of passwords. Essentially, it rewards end-users who select longer passwords because it allows them to keep their password for a longer period of time. This option is only available with the nFront Password Filter Multiple Policy Edition.
With Length-Based Aging, you are allowed up to 4 different password aging tiers. The different password aging tiers are customizable by your company. Here is an example of how you could set up 4 different password aging tiers:
- 8-11 character passwords will expire every 90 days
- 12-15 character passwords will expire every 180 days
- 16-19 character passwords will expire every 270 days
- 20+ character passwords will expire every 365
As I previously stated, you are rewarding end-users who want to create a longer, more secure passwords by requiring a password change less frequently and punishing end-users who want to create shorter passwords by changing it more frequently. Here is a link to our YouTube Channel where we have a short video on how to configure the Length-Based Aging Password Policy feature.
Placing passwords in the hand of end-users is not only a smart option, it also provides employee empowerment. Employee empowerment has been known to increase productivity and morale in the workplace.