Specops Breached Password Protection

Specops Breached Password Protection is a service that checks your Active Directory passwords against a continuously updated list of compromised passwords. The list contains over 2 billion passwords from major breach incidents as well as passwords used in real attacks happening right now. During a password change in Active Directory, the service will block and notify users if the password they have chosen is found in the banned list.

How Does it Work?

There are two editions of the Breached Password Protection service, Complete and Express. Both are included when you enable Breached Password Protection in Specops Password Policy.

You can enable one or the other per your security preferences but we recommend enabling both if you are able.

Breached Password Protection Complete is over 2 billion passwords strong and connects to your network via an API key. When enabled, the service will check your users’ passwords during a password change or reset and notify them via email or SMS if that password was found to be a known breached one and can require them to change it at next logon.

Breached Password Protection Express is an optimized subset of the larger Complete list. When enabled, the service will check your users’ passwords during a password change and block them immediately from using that password. Admins can also configure nightly scans against the Express list. The Express list is also used when running a Password Auditor scan.

Features

RECENT PRODUCTS

SUBSCRIBE

Get monthly updates and news.