The Web    Google
New Tool Helps Ensure Users Employ Strong Passwords

New Tool Helps Ensure Users Employ Strong Passwords
May 3, 2002

Avatier Corp. of San Ramon, Calif. this week announced a tool intended to prevent users from choosing passwords that can be easily cracked, even by intruders employing automated "dictionary dialers" that scroll through thousands of common passwords in minutes.

Avatier's Password Bouncer Deluxe helps companies enforce password policies that dictate what form passwords should take, such as a combination of numbers with upper and lower case letters. At the time users change their passwords, Password Bouncer screens the new password and rejects any that don't comply to company policy.

Password Bouncer works with Microsoft NT 4.0, Windows 2000 and .NET environments and is compatible with Active Directory. It can complement Windows policies that dictate how often users must change their passwords.

The product includes a word list with more than 644,000 common words and 4,000 proper names, in English, Spanish, French, German and Italian. Users can also add their own custom words to the list.

Companies can configure Password Bouncer to enforce whatever type of password policy they choose, down to specific letter/number combinations. If a password is rejected for non-compliance, the product alerts the user as to why the password failed. It also enables password rules and policies to be published to a Web page, to educate users about password policies.

Avatier claims the product takes only five minutes to deploy and reduces administrative costs associated with auditing for weak passwords. The company says it can filter more than 500,000 words in less than a half-second.

While Password Bouncer helps ensure users employ strong passwords, it doesn't help them remember what passwords they choose. In fact, forcing users to choose strong passwords can be a double-edged sword, in that many users will write the password down, often in plain view for others to see.

Avatier's other product, Password Station .NET, can help reduce that behavior somewhat because it allows employees who forget their password to reset it without administrator intervention.

Password Bouncer Deluxe is available now, priced at $1,995 per domain per year, or $9,995 per domain for a perpetual license.

  • Security Flaw Found In Sun Solaris Servers
  • Bagle-BK Worm Downloads Code
  • 4/29: Kelvir-D an IM Worm
  • Cisco Warns of Voice Product Security Flaws
  • New nCipher Product Targets Online Payment Card Fraud
  • ISPs Band Together Against Spam
  • Biometrics Makes Passwords Positively Paltry
  • Visa is monitoring merchants for security compliance
  • House Passes Anti-Spyware Bill
  • 3/28: Mytob-S Worm Exploits LSASS Flaw
  • 11/30: SymbOS/Skulls-B is a Trojan
  • Cheap Security Camera