topic Re: Feature Request - External AD Authentication Complex Passwords in StoreVirtual Storage

Feature Request - External AD Authentication Complex Passwords

BG76 — Mon, 21 Nov 2016 22:14:53 GMT

Hello,

I have a VSA 12.6 implementation that I just integrated into our AD. However, I noticed when I logged in using my AD credentials, which has a period in the password, I get an error message stating that passwords with a "." are not permitted.

I opened a ticket, and support advised that no passwords, even externally authenticated AD passwords, can have special characters, like a period, in them.

We try to use complex passwords, which may contain some of these characters that are not permitted, in our AD environment. I don't know if this is the correct place for feature requests, but I would like to request that AD integrated logins not be bound by those password restrictions in order to maintain password complexity.

Thanks

Re: Feature Request - External AD Authentication Complex Passwords

Stor_Mort — Mon, 28 Nov 2016 18:28:32 GMT

Hi BG76,

Thanks for your comment and request. The special character restrictions for passwords are the union of LeftHand OS (Linux) and Microsoft AD password constraints. We have asked the devs for a simpler, less restrictive policy, but they declined. It was pointed out that a longer random password with a slightly limited symbol set is equivalent to a shorter more complex password. Requiring a longer password, even with a smaller symbol set, is effective protection against password cracking attacks.

And password attacks are just one way of gaining access. You also need to protect against social engineering and many other vectors which are arguably more effective (and faster) than password cracking, which may be one of the less important vulnerabilities today. But it takes time for policy to catch up with reality.