Posted on 02-17-2021 06:43 AM
Hi there,
Is there a way to block users from using passwords containing certain words or phrases?
I know there is the complex password setting which stops sequential letters and numbers like "1234" and "abcd". But is it possible to stop users using the company name or their own name in a password?
Cheers
Posted on 02-17-2021 11:20 AM
Jamf Pro doesn't support more than what Apple's Passcode payload provides in a Configuration Profile. The payload doesn't include the ability to set any sort of custom dictionary.
I wouldn't worry so much about passwords containing your company or user name as opposed to equaling your company or user name. You're only reducing the number of possible choices instead of making the password more difficult to crack.
Follow the NIST guidelines as listed here: https://securityboulevard.com/2019/03/nist-800-63-password-guidelines/
The basic rule of thumb for a stronger password is to make it longer not more complex. Require a minimum number of characters such as 12 or 16 and then encourage the use of pass phrases, which are easy to remember and quick to type.
Examples: mary had a little lamb
or mary-had-a-little-lamb
Each of those is 23 characters long (and spaces do count as characters). Anyone can remember that in just a few seconds and anyone who's a touch-typist can quickly type that compared to something like r/R-2j1513Kx2T&w, which is only 16 characters, or Kg}?s8u3, which is only eight characters.
If you haven't read XKCD's classic complex password cartoon, it's worth a minute of your time: https://xkcd.com/936/
Posted on 02-17-2021 11:49 PM
Thanks for the response, appreciate the advice.
Currently have the minimum at 8, will likely increase the minimum now.
Unfortunately, for lots of our employees old habits die hard and they insist on putting the company name and the year together as a password, hence the original question, but that's something communication can fix.
Thanks again for the links too!
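A small policy check implementing the advice in the reply above (a length floor instead of complexity rules, and rejecting a password that equals, rather than contains, a company or user name) together with the company-name-plus-year habit described in the follow-up. This is an added example, not code from Jamf, Apple, or any poster in the thread; the company name, user name and length floor are constructed placeholders.

```python
import re

# Constructed values for this example; the thread names neither the company nor a user.
COMPANY_NAME = "ExampleCorp"   # placeholder company name
MIN_LENGTH = 12                # the reply suggests a floor of 12 or 16 characters
YEAR_TOKEN = re.compile(r"^(?:19|20)?\d{2}$")   # "21", "2021", "99", "1999"


def _normalize(text):
    """Lower-case and strip separators so 'Example-Corp 2021!' and 'examplecorp2021' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _blocked_tokens(username, company):
    """Names the password must not *equal*: the company, the user name, and its parts."""
    tokens = {_normalize(company), _normalize(username)}
    for part in re.split(r"[^A-Za-z0-9]+", username):
        if len(part) >= 3:                      # skip initials and empty fragments
            tokens.add(_normalize(part))
    tokens.discard("")
    return tokens


def _is_name_or_name_plus_year(norm, tokens):
    """True for 'examplecorp', 'examplecorp21', 'examplecorp2021' and '2021examplecorp'."""
    for tok in tokens:
        if norm == tok:
            return True
        if norm.startswith(tok) and YEAR_TOKEN.match(norm[len(tok):]):
            return True
        if norm.endswith(tok) and YEAR_TOKEN.match(norm[:len(norm) - len(tok)]):
            return True
    return False


def check_password(password, username="", company=COMPANY_NAME, min_length=MIN_LENGTH):
    """Return the list of policy violations; an empty list means the password is acceptable.

    Length is the primary control, as in NIST SP 800-63B; the name check only rejects passwords
    that *are* a company or user name (optionally padded with a year), not ones that contain it,
    so a passphrase such as 'mary had a little lamb' still passes for a user named Mary."""
    problems = []
    if len(password) < min_length:              # spaces count, so passphrases pass easily
        problems.append(f"shorter than {min_length} characters")
    if _is_name_or_name_plus_year(_normalize(password), _blocked_tokens(username, company)):
        problems.append("is the company or user name, optionally with a year")
    return problems
```

Comparing after normalisation is what catches the "CompanyName2021!" variants that a plain string-equality check would miss.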