Modify Password Dictionary
Perform this task to modify the password dictionary.
Operation Procedure
- Click the User tab. From the navigation tree, select User Security Policy > Password Control. Enter the page for managing password control.
- Upload the password dictionary file, and set the default strategy model.
- Click OK.
Parameters
- Upload Password Dictionary: Select the option to upload the password dictionary.
- Password Dictionary File: Defines the weak passwords. If the iNode client detects that the operating system password matches a weak password in the dictionary file, it considers the password insecure and takes the corresponding measures according to the security level. This field appears only when the Upload Password Dictionary option is selected. The file consists of multiple lines, each of which contains one password.
- Default Action for Check Failure: Select the default action for check failure in the security level of the password control. Options are Monitor, Inform, Isolate, Kick Out, and Block and Kick Out.
- Download URL: Provides the URL path for downloading the password dictionary. Administrators can download this file, update the file as needed, and upload the file to the iNode client, so that the client operates according to the new password dictionary.
Precautions
- The password dictionary file must be smaller than 2 M and named passwordDic.txt.
- If the user is a domain user, the client will not check the operating system password even if the password control is configured.
- Besides the weak passwords defined in the password dictionary, the iNode client considers the following four types of passwords weak:
1. The password is the same as the login username or is null.
2. Passwords consisting of one to four identical letters, such as a, aa, aaa, aaaa, z, zz, zzz, and zzzz.
3. Passwords consisting of two to four consecutive letters, such as ab, abc, abcd, bc, bcd, and bcde.
4. Passwords consisting of one to five digits. Note that passwords such as 010000 and 099999 consist of more than five digits and are therefore not considered weak passwords.
- The client checks the operating system password for security regularly when the user is online. If the password is weak, the client reports the situation to the EAD server for corresponding actions.
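A pre-upload check for the file rules and the four built-in weak-password types listed above, as an added example that is not part of the product or of this documentation. It assumes "2 M" means 2 MiB, a UTF-8 file, ASCII letters compared as typed, and "consecutive" meaning ascending alphabetical order; the function names are hypothetical.

```python
import os
import tempfile

REQUIRED_NAME = "passwordDic.txt"
MAX_BYTES = 2 * 1024 * 1024  # assumption: "2 M" read as 2 MiB

def builtin_weak(pw, username=None):
    """Return the number (1-4) of the built-in rule pw matches, else None."""
    if pw == "" or (username is not None and pw == username):
        return 1
    if pw.isascii() and pw.isalpha():
        if len(pw) <= 4 and len(set(pw)) == 1:
            return 2  # one to four identical letters
        steps = [ord(b) - ord(a) for a, b in zip(pw, pw[1:])]
        if 2 <= len(pw) <= 4 and all(s == 1 for s in steps):
            return 3  # two to four consecutive letters (ascending: assumption)
    if pw.isascii() and pw.isdigit() and len(pw) <= 5:
        return 4  # one to five digits; 010000 has six, so it is not matched
    return None

def check_dictionary(path):
    """Return (problems, redundant) for a candidate dictionary file."""
    problems, redundant, seen = [], [], set()
    if os.path.basename(path) != REQUIRED_NAME:
        problems.append("file must be named " + REQUIRED_NAME)
    if os.path.getsize(path) >= MAX_BYTES:
        problems.append("file must be smaller than 2 M")
    with open(path, encoding="utf-8", errors="replace") as fh:  # encoding: assumption
        for n, line in enumerate(fh, 1):
            pw = line.rstrip("\r\n")
            rule = builtin_weak(pw)
            if pw == "":
                problems.append(f"line {n}: empty line")
            elif pw in seen:
                problems.append(f"line {n}: duplicate entry")
            elif rule is not None:
                redundant.append((n, rule))  # already weak without the dictionary
            seen.add(pw)
    return problems, redundant

if __name__ == "__main__":
    # Constructed sample dictionary, written to a temporary directory.
    path = os.path.join(tempfile.mkdtemp(), REQUIRED_NAME)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("Passw0rd!\nabc\n12345\nPassw0rd!\n\nqwerty\n")
    print(check_dictionary(path))
```

The report refers to entries by line number and rule number only, so it can be shared without exposing the dictionary contents.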