Active Directory Password Policy Enforcement

Enforcing complex, unique passwords in your AD environment may be the fastest and cheapest way to improve your security


Why do you need password policy enforcement?

Weak, insecure, and stolen passwords put your network at risk. Password policies don't prevent employees from using known compromised passwords. Users are historically bad at creating difficult-to-guess passwords and tend to choose predictable, easy-to-guess passwords instead.

Coupled with password reuse, these poor password hygiene practices undermine your security controls.

Password Policy Enforcement Advantages

Protect against Credential Stuffing attacks

Enforce password hygiene with dozens of filters

Prevent the use of known compromised passwords



There are common bad practices we need to avoid in passwords:

  • Prevent the use of the username in the password (first name, last name, sAMAccountName, and UPN)
  • Prevent the use of keyboard sequences like qwerty
  • Prevent the use of repeating characters like 111
  • Prevent the use of repeating patterns like 123123

Not every organization is ready to abandon all password policies, such as requiring an uppercase letter, a lowercase letter, a number and a special character in passwords, in favor of the new NIST Policy.

Build a password policy that satisfies the organization's needs, but keep the user in mind so they can create a strong password that won't change until it is detected in a breach.


Attackers know that humans are creatures of habit. So, when they attempt to guess a user’s password, they start with commonly known breached passwords.

To protect your users, you should always check your corporate users' passwords against a breached password list. If one of your users' passwords matches a password that has been previously used, you should disallow it and force the user to choose another unique password.
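The four filters listed above and the breached-list check can be sketched as a single validation function. This is an added example, not Stealthbits code: the function names, the three-character minimum for name tokens, the four-key sequence length, the case-insensitive breach lookup and the tiny in-memory breach list are all assumptions made for illustration.

```python
import re

# Constructed sample data: a tiny stand-in for a breached-password corpus.
BREACHED = {"password1", "letmein", "summer2023!"}
# Keyboard rows used to detect sequences such as "qwerty" (assumed US layout).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def identity_tokens(first, last, sam, upn):
    """Lower-cased name parts to reject; the UPN is cut at '@'."""
    parts = [first, last, sam, upn.split("@")[0]]
    # Assumption: ignore parts shorter than 3 characters to limit false hits.
    return {p.lower() for p in parts if len(p) >= 3}


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys, left-to-right or reversed."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw, first, last, sam, upn):
    """Return the list of rule names the candidate password violates."""
    low = pw.lower()
    failures = []
    if any(tok in low for tok in identity_tokens(first, last, sam, upn)):
        failures.append("contains_username")
    if has_keyboard_run(pw):
        failures.append("keyboard_sequence")
    if re.search(r"(.)\1\1", pw):        # same character 3+ times, e.g. 111
        failures.append("repeating_characters")
    if re.search(r"(.{2,})\1", low):     # block repeated back-to-back, e.g. 123123
        failures.append("repeating_pattern")
    if low in BREACHED:                  # assumption: case-insensitive lookup
        failures.append("breached")
    return failures
```

An empty list means the candidate passed every rule; a production breach list would be far larger than the sample set used here.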

StealthAUDIT can detect and report on weak, shared or previously used passwords, allowing administrators to force a password reset and to reduce the risk of compromise.

Once cleaned up, StealthINTERCEPT Enterprise Password Enforcer (EPE) can enforce complexity and uniqueness, by automatically blocking unsafe passwords from being used, to keep your passwords and your organization safe.

Achieve Compliance

…it is recommended that passwords chosen by users be compared against a “black list” of unacceptable passwords. This list should include passwords from previous breach corpuses, dictionary words, and specific words (such as the name of the service itself) that users are likely to choose.
