How to create and use password dictionaries to enforce strong password usage for administrators and We Email Protection users on PGP Encryption Server.
PGP Encryption Server 10.5.1 and above.
As a SuperUser, you can create password dictionaries to prevent dictionary-based attacks. A password dictionary contains a list of terms that administrators and Web Email Protection users cannot use while creating a password.
To enforce strong passwords, first enable the usage of password dictionaries. Then, create a password dictionary that includes specific terms that are susceptible to attacks, upload the dictionary, and let Symantec Encryption Management Server evaluate and restrict administrators and Web Email Protection users from creating weak passphrases.
You can include up to 25000 terms when you upload a password dictionary. If you want to add more than 25000 terms, edit the dictionary to add the terms, and then upload another file containing weak passwords.
A password creation or password reset task fails when administrators or Web Email Protection users use a term as their password that matches (case-insensitive) with a term in the password dictionary. Usage of password dictionaries is disabled by default.
You can enable the feature using the Symantec Encryption Management Server Administration Console as follows:
Using the Symantec Encryption Management Server Administration Console and navigating to System > Administrators > Security Settings button > Manage Dictionaries, you can perform the following password dictionaries management tasks:
Note: The dictionaries will be a literal matching, and not a pattern matching.
For example, if your dictionary was "password", but you used the password "password12345", this will not be a match. This is due to only exact word/dictionary matches being used.
If someone attempts to use "password" as their password, the dictionary rules will block this.