Hi Chris, there is no permanently fixed list of dictionary words, so I doubt any implementation could use the word "never' in this regard. When PAM generates a password, it's completely random, and for passwords 16 characters or longer there is no realistic concern that such a password would match a dictionary word. If you choose a password length of 128 characters, the odds would be astronomical. Checks against dictionary words are very valuable when it comes to accepting (or not) passwords that are entered manually by someone. But then no PVP would be involved. That's why I asked whether you are concerned with local PAM user accounts.
Original Message:
Sent: 03-10-2020 10:04 AM
From: Chris Scott
Subject: Password Policy customization
Ralf,
Thank you for your reply.
Organizations are adopting password policies to specifically prohibit dictionary words.
Does CA PAM ensure the password it generates is never a dictionary word?
Original Message:
Sent: 03-10-2020 09:43 AM
From: Ralf Prigl
Subject: Password Policy customization
Hello Chris, Can you clarify what your concern is here? Are you concerned about passwords of local users in PAM? Or is it about Credential Management? For the latter, a Password Composition Policy with a long maximum password length should address any concern in this regard.
Original Message:
Sent: 03-07-2020 08:27 AM
From: Chris Scott
Subject: Password Policy customization
Hello,
Many organizations today are setting more stringent administrative controls over password composition.
One such administrative control is to disallow passwords which are based on dictionary words or from a list of frequently compromised passwords.
Is their an existing product roadmap to assist in helping organizations enforce this requirement?
Thanks
Chris