ad-password-protection
Active Directory password filter featuring breached password checking and custom complexity rules (by lithnet)
800-63-3
Home to public development of NIST Special Publication 800-63-3: Digital Authentication Guidelines (by usnistgov)
Our great sponsors
| ad-password-protection | 800-63-3 | |
|---|---|---|
| 20 | 12 | |
| 453 | 699 | |
| 5.3% | 0.0% | |
| 6.3 | 0.0 | |
| 12 months ago | over 1 year ago | |
| C# | CSS | |
| MIT License | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ad-password-protection
Posts with mentions or reviews of ad-password-protection.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-05-04.
- AD password policy enforcers that can do compromised checks when user sets password?
-
Password Filter AD
I would like to enforce my active directory policy by adding a password filter. I had already found the solution Lithnet Password filter on Github (https://github.com/lithnet/ad-password-protection). This solution is really great but unfortunately, it applies to all users and not to a specific group. Do you know another solution with more granularity?
-
Password expires notification
Luckily there are a few open source options you can use, eg: https://github.com/lithnet/ad-password-protection
- Do any of you use On-Premise Active Directory Password Enforcement?
-
Add HaveIBeenPwned password checks to ADFS
Not currently an adfs user, but at first glance blocking them at creation seems better to me... https://github.com/lithnet/ad-password-protection
- Active Directory and blocking common passwords
- Security Cadence: Passphrases
-
Changing Password policy
You might want to look at Lithnet Password Policies it sounds similar to some of the AzureAD password options but it allows for tiered length and complexity as well.
-
Looking for recommendations for improving password strength in AD (3rd party apps that extend group policy, etc)
For local AD: https://github.com/lithnet/ad-password-protection
800-63-3
Posts with mentions or reviews of 800-63-3.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-25.
- Is 2FA possible for Chase?
-
I need a regex for a password validation in java
I see you got your regex, but please consider reading the nist guidelines https://pages.nist.gov/800-63-3/ It is an excellent resource in password policies that isn't shared nearly enough.
-
Twitter API hacked, Over 400 million user's database being sold online
Even NIST outright recommends against SMS/phone 2FA.
-
Looking to invest in authentication and verification in the digital world
ID.me is the first NIST 800-63-3 approved company. https://www.businesswire.com/news/home/20180816005147/en/ID.me-Becomes-First-Identity-Provider-to-Be-Approved-as-NIST-800-63-3-Conformant & https://insights.id.me/article/what-are-the-nist-800-63-digital-identity-guidelines/
-
Stupid Security Things
NIST has made a series of sensible guidelines:
https://pages.nist.gov/800-63-3/
They now need to be made enforceable, whether by government requiring them in government contracts, or indirectly by insurers excluding coverage if they are not met.
- Identity Management for WireGuard
-
How do I tell my security team to tone it down with the phishing e-mails?
I just tell our customer's compliance systems and vendors (there's usually a space to explain why you're not doing a given thing) that we'll start rotating passwords as soon as NIST recommends it (again) , and no sooner. Nobody has ever failed a test nor have I even been asked about this stance. Flies right under the radar.
- Password Never Expires Debate
-
New and Improved TSP site up and running?
Several hundred pages if you want to read it all - https://pages.nist.gov/800-63-3/.
- 90-day password-reset policy for "insurance reasons"
What are some alternatives?
When comparing ad-password-protection and 800-63-3 you can also consider the following projects:
ItroublveTSC - Official Source of ItroublveTSC, totally open source. No virus or anything. Feel free to have a look :)
OpenPasswordFilter - An open source custom password filter DLL and userspace service to better protect / control Active Directory domain passwords.
PwnedPasswordsDLL - Open source solution to check prospective AD passwords against previously breached passwords
ImprosecPasswordFilter
DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
HIBPOfflineCheck - Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords
VxWireguard-Generator - Utility to generate VXLAN over Wireguard mesh SD-WAN configuration
Get-bADpasswords - Get insights into the actual strength and quality of passwords in Active Directory.
ad-password-protection vs ItroublveTSC
800-63-3 vs OpenPasswordFilter
ad-password-protection vs OpenPasswordFilter
800-63-3 vs PwnedPasswordsDLL
ad-password-protection vs ImprosecPasswordFilter
800-63-3 vs DSInternals
ad-password-protection vs DSInternals
800-63-3 vs OpenSK
ad-password-protection vs HIBPOfflineCheck
800-63-3 vs VxWireguard-Generator
ad-password-protection vs PwnedPasswordsDLL
ad-password-protection vs Get-bADpasswords