12/13/2023 01:20 PM - edited 12/13/2023 01:21 PM
Hello - Does Saviynt currently support the ability to reject known compromised or weak passwords* as part of the password change flow? I see the ability to reject common dictionary words but I am not seeing the ability to deny compromised or weak passwords.
A compromised password blacklist is table stakes for a password management tool and if it is not currently supported, I hope it is planned for future release.
Thanks
*Weak passwords are those that meet complexity policy but are still very easy to guess ("P@ssw0rd", for example).
12/13/2023 06:51 PM - edited 12/13/2023 06:54 PM
You can define same in File Directory - Blacklisted keywords
Use Blacklist Dictionary: You can update the password blacklist dictionary file (blacklist.txt) to prevent certain words from being used in passwords.
Note: To configure the dictionary, see Managing the Password Blacklists Files.
12/14/2023 07:26 AM
Hi @rushikeshvartak - my understanding is that the blacklist is a static list of words. I was looking for a deny based on known compromised passwords.
12/14/2023 07:44 PM
You can update known compromised passwords in blacklist.txt
12/14/2023 08:10 PM
@robcivitello We have used the Blacklisted Keywords to ascertain this.
There is no way to dynamically identify those lists.
12/14/2023 08:11 PM
Currently Blacklist.txt is a static dictionary list which has to be maintained. There is no dynamic list or known / compromised keywords validation as such.
Saviynt does not analyze the password dynamically. However, we can add more passwords to the blacklist.txt. We can use a global blacklist password list. Some samples attached below.
12/19/2023 03:58 PM
Thank you for the information. We will go the manual route for now, but since weak and compromised password detection is required as part of NIST 800-63 compliance, I think Saviynt should consider supporting this globally.
I created an idea for that:
EIC-I-5357
01/19/2024 03:27 AM
Has there ever been a consideration of integrating with something like Have I Been Pwned (HIBP)?
01/19/2024 05:21 AM
No
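For readers comparing the two approaches discussed in this thread, here is an added example (not from any poster and not Saviynt functionality) that screens a candidate password first against a static keyword list and then with a Pwned Passwords style range lookup, where only the first five characters of the SHA-1 hash leave the machine. Assumptions: blacklist.txt holds one keyword per line and is matched as a case-insensitive substring; the function names, the sample blacklist, and the breached list with its counts are constructed so the code runs offline.

```python
import hashlib

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query(password):
    """Split the SHA-1 into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Look up our suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padding entries carry a count of 0
    return 0

def load_blacklist(text):
    # Assumption: blacklist.txt holds one keyword per line.
    return {line.strip().lower() for line in text.splitlines() if line.strip()}

def screen(password, blacklist, fetch_range):
    """Return 'blacklisted', 'breached' or None (accepted)."""
    lowered = password.lower()
    if any(word in lowered for word in blacklist):  # assumption: substring match
        return "blacklisted"
    prefix, suffix = range_query(password)
    if breach_count(suffix, fetch_range(prefix)) > 0:
        return "breached"
    return None

# Constructed data for an offline run; the counts are made up.
CONSTRUCTED_BREACHED = {"P@ssw0rd": 9001, "Winter2023!": 12}
CONSTRUCTED_BLACKLIST = load_blacklist("password\ncompany\n")

def offline_fetch_range(prefix):
    """Stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    lines = [f"{sha1_hex(p)[5:]}:{n}" for p, n in CONSTRUCTED_BREACHED.items()
             if sha1_hex(p).startswith(prefix)]
    lines.append("0" * 35 + ":0")  # padding-style entry that must not count as a hit
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("P@ssw0rd", "MyCompany#42", "vT9#qLm2-xR7"):
        print(pw, "->", screen(pw, CONSTRUCTED_BLACKLIST, offline_fetch_range))
```

"P@ssw0rd" passes the static keyword list here and is caught only by the range lookup, which is the gap the original question describes.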