[Tips & Tricks] Blacklist passwords using ADSelfService Plus


With the rise in the number of enterprise applications, it is easy for users to fall into the habit of using passwords like ‘Password@123’. This password complies with several password hardening measures and also satisfies the Windows Active Directory password complexity requirements. However, it can be easily cracked with a dictionary attack.

ADSelfService Plus secures passwords from sophisticated password attacks by preventing users from choosing commonly used passwords, patterns, and dictionary words. You can also edit the default dictionary file to add commonplace and stolen passwords, so that an attacker cannot reuse stolen credentials.

In this article, let me walk you through the process of blacklisting passwords through ADSelfService Plus.

Steps to configure the Dictionary Rule in ADSelfService Plus:

1. Log in to the ADSelfService Plus web console as an administrator.

2. Navigate to Configuration tab > Self-Service section > Password Policy Enforcer.

3. Choose the desired self-service policy from the Select the Policy drop-down.

4. Select the Enforce Custom Password Policy checkbox.

5. In the list of settings that are displayed, select the Disallow the use of dictionary words checkbox. Once this option is selected, a new popup window, Choose Dictionary, will open.

6. In the new window, configure ADSelfService Plus to use your custom dictionary word list by clicking the Browse button and uploading your dictionary file.

   Important: How to blacklist new words in the dictionary?

   Go to <Installation folder>/webapps/adssp/resources/dictionaries.

   Open defaultDictionary in an appropriate application such as Notepad++ or Code Writer. In the window that opens, enter the passwords to be blacklisted.

   Save the edits in the dictionary file.

7. Select the Restrict Passwords which contains dictionary words option to also restrict passwords that contain dictionary words. That is, when the option is checked, a password like 'Thisismypassword' is restricted. If this option is left unchecked, only passwords that are exact dictionary words are restricted. This means the password 'Thisismypassword', as it is not an exact dictionary word, will not be restricted.

8. Click OK and then Save.
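The difference between the two modes in step 7, modeled as an added Python example; it is not part of the original article and is not ADSelfService Plus code. It assumes a one-entry-per-line dictionary file and case-insensitive matching (neither is stated on this page), uses a constructed sample dictionary and constructed passwords, and goes slightly beyond the step by flagging short entries that, in the contains mode, would reject many unrelated passwords.

```python
"""Model of the exact-match and contains-match dictionary modes (added example).
Assumptions, not product behaviour: one entry per line, case-insensitive match."""
import io

# Constructed sample dictionary, including the messy lines a text editor can
# leave behind (padding, blank line, duplicate) and one very short entry ("as").
SAMPLE_DICTIONARY = "password\nPassword@123\n  welcome \n\nqwerty\npassword\nas\n"


def load_dictionary(stream):
    """Return a de-duplicated set of lower-cased entries, skipping blank lines."""
    return {line.strip().lower() for line in stream if line.strip()}


def is_rejected(candidate, words, restrict_contains):
    """Exact mode: reject only if the whole password is a dictionary entry.
    Contains mode: also reject if any entry appears inside the password."""
    lowered = candidate.lower()
    if lowered in words:
        return True
    return restrict_contains and any(w in lowered for w in words)


def short_entries(words, min_len=4):
    """Entries short enough to match inside many passwords in contains mode."""
    return sorted(w for w in words if len(w) < min_len)


def evaluate(candidates, words):
    """Map each candidate to (rejected_in_exact_mode, rejected_in_contains_mode)."""
    return {c: (is_rejected(c, words, False), is_rejected(c, words, True))
            for c in candidates}


WORDS = load_dictionary(io.StringIO(SAMPLE_DICTIONARY))
# Constructed candidate passwords.
CANDIDATES = ["Password@123", "Thisismypassword",
              "c0rrect-h0rse-Stapler", "Bl4ck-Glass-77"]

if __name__ == "__main__":
    for pw, (exact, contains) in evaluate(CANDIDATES, WORDS).items():
        print(f"{pw!r}: exact-only={exact} contains={contains}")
    print("short entries to review before upload:", short_entries(WORDS))
```

In this model 'Bl4ck-Glass-77' is rejected in the contains mode only because the entry "as" occurs inside "Glass", which is why short entries are worth reviewing before uploading a custom dictionary.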
