
Weak / Compromised Password Monitoring

robcivitello
New Contributor III

Hello - Does Saviynt currently support the ability to reject known compromised or weak passwords* as part of the password change flow?  I see the ability to reject common dictionary words but I am not seeing the ability to deny compromised or weak passwords.  

A compromised password blacklist is table stakes for a password management tool and if it is not currently supported, I hope it is planned for future release.

Thanks

*Weak passwords are those that meet complexity policy but are still very easy to guess ( "P@ssw0rd" for example).


rushikeshvartak
All-Star

You can define same in File Directory - Blacklisted keywords


Use Blacklist Dictionary

You can update the password blacklist dictionary file (blacklist.txt) to prevent certain words from being used in passwords

  • Yes: Select this option to enable the dictionary. A password is rejected if its value matches a term in a dictionary that you configure, containing a list of unwanted terms.

  • No: Select this option to disable the dictionary.

Note

To configure the dictionary, see Managing the Password Blacklists Files.

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter06-EIC-Configurations/Config...

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

robcivitello
New Contributor III

Hi @rushikeshvartak - my understanding is that the blacklist is a static list of words. I was looking for a deny based on known compromised passwords.

You can update known compromised passwords in blacklist.txt


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Manu269
All-Star

@robcivitello We have used the Blacklisted Keywords to ascertain this.

There is no way to dynamically identify those lists.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos.

Rajesh-R
Saviynt Employee

@robcivitello 

Currently Blacklist.txt is a static dictionary list which has to be maintained. There is no dynamic list or known / compromised keywords validation as such.

Saviynt does not analyze the password dynamically. However, we can add more passwords to the blacklist.txt. We can use a global blacklist password list. Some samples attached below.


Thanks
Rajesh Ramalingam
Saviynt India

robcivitello
New Contributor III

Thank you for the information. We will go the manual route for now, but since weak and compromised password detection is required as part of NIST 800-63 compliance I think Saviynt should consider supporting this globally.  

I created an idea for that:
EIC-I-5357

DanielA23
New Contributor

Has there ever been a consideration of integrating with something like Have I Been Pwned? (HIBP)

No


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
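As an added illustration of the two approaches discussed in this thread (not Saviynt's code, and not a supported EIC feature): a static blacklist.txt lookup placed beside the kind of dynamic check the Have I Been Pwned Pwned Passwords range API allows, where only the first five hex characters of the password's SHA-1 are sent and the 35-character suffix is compared locally. The blacklist contents, the range response body and the breach counts are constructed samples; `sample_range_lookup` is a stand-in for the HTTPS fetch so the code runs offline.

```python
import hashlib

# Constructed sample blacklist.txt content (one disallowed term per line).
BLACKLIST_TXT = "password\nP@ssw0rd\nwelcome123\n"

# Constructed sample of a k-anonymity range response for SHA-1 prefix "5BAA6":
# one "SUFFIX:COUNT" line per leaked hash sharing that prefix. The first line
# is the real SHA-1 suffix of "password"; the counts are illustrative only.
RANGE_5BAA6 = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
    "0123456789ABCDEF0123456789ABCDEF012:2\n"
)

def load_blacklist(text):
    """Parse blacklist.txt-style text into a set of lower-cased terms."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}

def in_static_blacklist(candidate, blacklist):
    """Static check: the candidate equals a listed term (case-insensitive).
    A static file can only catch what someone has already typed into it."""
    return candidate.lower() in blacklist

def sha1_split(candidate):
    """Uppercase SHA-1 hex, split into the 5-char prefix a client would send
    to a range endpoint and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Scan a range response for our suffix; 0 means not in the leaked set."""
    for line in range_body.splitlines():
        if ":" not in line:
            continue
        hash_suffix, count = line.strip().split(":", 1)
        if hash_suffix.upper() == suffix:
            return int(count)
    return 0

def sample_range_lookup(prefix):
    """Offline stand-in for the range endpoint, serving the constructed sample."""
    return RANGE_5BAA6 if prefix == "5BAA6" else ""

def evaluate_password(candidate, blacklist_text, range_lookup):
    """Run the static check first, then the hashed range lookup."""
    if in_static_blacklist(candidate, load_blacklist(blacklist_text)):
        return "rejected: static blacklist"
    prefix, suffix = sha1_split(candidate)
    count = breach_count(suffix, range_lookup(prefix))
    if count > 0:
        return f"rejected: seen in {count} breaches"
    return "accepted"
```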