Password strength & account sync tool
WizardSoft ActivePasswords is our lightweight, powerful and fully customizable password strength & account synchronization tool. It gives the system administrator fine-grained control of Active Directory password complexity settings. ActivePasswords makes it possible and easy to manage multiple fully customizable password complexity policies for a selection of Active Directory security groups or organizational units.
some of our customers:
Force use of strong passwords
Our tool ensures that your end-users use strong passwords while limiting help desk calls related to passwords. It is a powerful password rules validator for Windows Server. Native code means fast execution and reliable in use. ActivePasswords uses official Windows API hooks to achieve its goals and is unicode compatible.
A -no questions asked- trial is available for download . You also want to read the QuickStart Manual. If no license key is entered ActivePasswords will be fully functional for 30 days after installation. After this period ActivePasswords will stop functioning and your servers will continue to function like they did before installing ActivePasswords.
ActivePasswords periodically queries your Active Directory for changes and makes those changes available in a practical text format for optional processing by your own scripts. It also is a great source for creating reports on AD user properties and group memberships (all inclusive, including nested security groups). These scripts can be used to automatically synchronize AD user account properties and passwords to Microsoft Office 365, Google Apps or a second remote LDAP/ADSI/AD domain. Example scripts are included that configure user accounts for Office 365 and Google Apps. ActivePasswords can also automatically import users from text files to Active Directory.
Password change reminder
Optionally you can run the small tool PCR (short for PasswordChangeRequest) on client computers that will periodically warn the user starting 8 days before her password expires. Users see a customizable clear top level message pop-up requesting a password change. This is much better than the default behaviour of Windows: it only displays a small balloon tip for a short moment in the notification area that says 'consider changing your password'…
With ActivePasswords you decide what complexity requirements must be satisfied when a domain passwords is changed or reset. Settings are configured with Group Policy.
You can apply different password policies for selected Active Directory security groups or organizational units. In a school environment students can have an easy password while teachers must have strong passwords.
ActivePasswords Settings (all optional)
- Minimum password length
- Maximum password length
- Minimum number of words (useful to enforce the use of password phrases)
- Maximum number of repeated characters (prevents a password like 'Aaaaaaa1')
- Maximum number of consecutive ascending or descending characters (prevents '1234Cba')
- Minimum number of upper case letters
- Minimum number of lower case letters
- Minimum number of special characters (like @, %)
- Minimum number of character categories
- Must not contain a space
- Must not contain any vowels (aeiou)
- Only allow certain characters
- Forbid specific characters
- Does not contain any part of the username or user first or last name
- Does not contain any custom forbidden/illegal words (read from utf-8 text file or group policy)
- Does not contain any obfuscations/alterations of forbidden words or name
- Validate the password against a regular expression ('abC' will pass '[a-z]b[A-Z]'; 'abc' won't)
- Validate the password on change and optionally reset event
- Have I Been Pwned web service blacklist check for compromised passwords
ActivePasswords has no problem with a forbidden word dictionary that contains ten thousands of words. The words must not appear anywhere in the password. E.g. myPassword11 will not pass the test if the word password is in the list.
ActivePasswords rule example:
- The password has at least 2 upper and 2 lower case letters
- has at least 1 number
- may not contain the username, first or last name
- may not contain a space
- is at least 5 and at most 16 characters long
- may not contain the words 'password, welcome, login and company' or obfuscations of these words like 'P@ssw0rD'
- is checked on password change and reset events
Installation is easy: install ActivePasswords on each of your domain controllers (Windows Server 2008(R2), 2012(R2) and 2016 are supported), configure the group policies to your liking and after one reboot you are done. No need to touch your desktops and laptops. You can keep track of password related events through the Windows event viewer and a log file.
ActivePasswords pricing is based on the number of enabled and targeted Active Directory users and is subscription based. A subscription gives you usage rights, updates and e-mail support for 1 year. Only $1.25 (€1.10) per user per year! (a minimum amount of 50 licenses applies)
We offer a substantial discount to educational institutions. Contact us by e-mail for discount details using your campus e-mail address.
Please contact us via firstname.lastname@example.org should you have any questions or suggestions!
*Digital River GmbH (Share-it) and 2Checkout (Avangate) are our sellers and handle payment and invoicing.