Create and use password dictionaries to enforce strong password usage on PGP Encryption Server
search cancel

Create and use password dictionaries to enforce strong password usage on PGP Encryption Server

book

Article ID: 276013

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption Desktop Email Encryption File Share Encryption

Issue/Introduction

How to create and use password dictionaries to enforce strong password usage for administrators and We Email Protection users on PGP Encryption Server.

Environment

PGP Encryption Server 10.5.1 and above.

Resolution

As a SuperUser, you can create password dictionaries to prevent dictionary-based attacks. A password dictionary contains a list of terms that administrators and Web Email Protection users cannot use while creating a password.

To enforce strong passwords, first enable the usage of password dictionaries. Then, create a password dictionary that includes specific terms that are susceptible to attacks, upload the dictionary, and let PGP Encryption Management Server evaluate and restrict administrators and Web Email Protection users from creating weak passphrases.

You can include up to 25000 terms when you upload a password dictionary. If you want to add more than 25000 terms, edit the dictionary to add the terms, and then upload another file containing weak passwords. 

A password creation or password reset task fails when administrators or Web Email Protection users use a term as their password that matches (case-insensitive) with a term in the password dictionary. Usage of password dictionaries is disabled by default. 

You can enable the feature using the PGP Encryption Management Server Administration Console as follows:

  • For Administrators: Navigate to System > Administrators > Security Settings button > Security Settings page, and select Prevent the use of dictionary terms in a passphrase, and click Save.
  • For Web Email Protection users: Navigate to Consumers > Consumer Policy Name > Symantec Web Email Protection - Edit > General, select Prevent the use of dictionary terms in a passphrase, and click Save.

 

Using the PGP Encryption Management Server Administration Console and navigating to System > Administrators > Security Settings button > Manage Dictionaries, you can perform the following password dictionaries management tasks:

  • Add a password dictionary.
  • Import a password dictionary.
  • Edit an existing password dictionary, including adding, editing, or deleting terms from a dictionary.
  • Delete an existing password dictionary.

 

Note: The dictionaries will be a literal matching, and not a pattern matching. 
For example, if your dictionary was "password", but you used the password "password12345", this will not be a match.  This is due to only exact word/dictionary matches being used.
If someone attempts to use "password" as their password, the dictionary rules will block this.  

Powered by Wolken Software