There are two editions of the Breached Password Protection service, Complete and Express. Both are included when you enable Breached Password Protection in Specops Password Policy.
You can enable one or the other per your security preferences but we recommend enabling both if you are able.
Breached Password Protection Complete contains over 2 billion passwords and connects to your network via an API key. When enabled, the service checks your users’ passwords during a password change or reset; if a password is found on the breached list, it notifies the user by email or SMS and can require them to change it at next logon.
Breached Password Protection Express is an optimized subset of the larger Complete list. When enabled, the service will check your users’ passwords during a password change and block them immediately from using that password. Admins can also configure nightly scans against the Express list. The Express list is also used when running a Password Auditor scan.
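To make the two checks described above concrete, here is an added illustration (not Specops code, and not how the product is implemented) of what a breached-password check at password-change time and a nightly scan against a local list look like in outline. It assumes a constructed list keyed by upper-case SHA-1 hex digests and a constructed set of stored account hashes; real Active Directory stores NT hashes, and a real list would be loaded from disk rather than built from a few plaintexts.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Hash a password the way the constructed breached list is keyed (upper-case SHA-1 hex)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample standing in for a breached-password list shipped to a
# domain controller with no internet access. Only hashes are kept, never plaintext.
SAMPLE_BREACHED_PLAINTEXTS = ["Password1", "Summer2023!", "letmein", "Welcome1"]
BREACHED_HASHES = frozenset(sha1_hex(p) for p in SAMPLE_BREACHED_PLAINTEXTS)


def is_breached(password: str, breached_hashes=BREACHED_HASHES) -> bool:
    """True if the candidate password's hash is on the breached list."""
    return sha1_hex(password) in breached_hashes


def check_password_change(new_password: str, breached_hashes=BREACHED_HASHES):
    """
    Filter invoked during a password change (the Express-style check).
    Returns (accepted, on_screen_message); a breached candidate is rejected
    immediately with a reason the user can act on.
    """
    if is_breached(new_password, breached_hashes):
        return False, (
            "Password rejected: it appears in a list of passwords exposed in "
            "third-party breaches. Choose a password you have not used elsewhere."
        )
    return True, "Password accepted."


# Constructed sample of stored credential hashes for a nightly scan.
# Assumption for illustration only: keyed by the same SHA-1 format as the list.
SAMPLE_ACCOUNT_HASHES = {
    "alice": sha1_hex("Tr0ub4dor&3-unique-phrase"),
    "bob": sha1_hex("Summer2023!"),
    "carol": sha1_hex("Welcome1"),
}


def nightly_scan(account_hashes, breached_hashes=BREACHED_HASHES):
    """
    Scheduled scan over existing credentials. Returns the usernames whose
    current password hash is on the breached list, so they can be notified
    and required to change it at next logon.
    """
    return sorted(user for user, h in account_hashes.items() if h.upper() in breached_hashes)


if __name__ == "__main__":
    for candidate in ("letmein", "Tr0ub4dor&3-unique-phrase"):
        accepted, message = check_password_change(candidate)
        print(f"{candidate!r}: {message}")
    print("Nightly scan flagged:", nightly_scan(SAMPLE_ACCOUNT_HASHES))
```

Keeping the list as hashes rather than plaintext is what makes it safe to distribute to an isolated domain controller, and the on-screen message tells the user why the change was refused without revealing anything about the list itself.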
Features | Active Directory | Azure AD Password Protection | Specops Breached Password Protection |
---|---|---|---|
Blocked list includes 3rd party breached passwords (as recommended by orgs like NIST and NCSC) | n/a | No (not a 3rd party list, per Microsoft) | Yes |
Protects against the use of over 2 billion known breached passwords | n/a | No (fuzzy matches over 1 million) | Yes |
Blocks passwords used in password spray attacks happening right now | n/a | Partially (only uses base terms on global list) | Yes |
Updates to blocked list offer immediate protection | n/a | Yes | Yes |
Offers protection on domain controllers not connected to the internet | n/a | No | Yes (with Express) |
On-screen explanation of why the password is rejected | n/a | No (not on-prem) | Yes (with Express) |
Off-screen notifications of breached password | n/a | No | Yes (text and email) |