General Questions
What does Password Bouncer cost?
Contact Avatier for pricing or use our web link: http://customerpricing.avatier.com/GetPricing1.aspx
Password Bouncer expires one year after activation and can be renewed by purchasing another year of use. Contact us for perpetual and enterprise licensing of Password Bouncer.
Where does Password Bouncer run?
Password Bouncer runs as a service on your domain controller, and its administrative console runs as an installed client on the system administrator's computer.
Can I use Password Bouncer with Trusted Enterprise Manager (TEM)?
Password Bouncer is compatible with TEM 4.0 and above. Evaluators currently using earlier versions of TEM should carefully review the README and implementation guideline files included with Password Bouncer to completely understand how it will impact their environment and whether to proceed with installation at this time.
Can I use Password Bouncer with other third party systems management products?
Most third party user provisioning tools that use standard Microsoft NETAPI calls to create and/or copy user accounts may be affected. This is due to a procedural issue caused by the API, where a default password, which is too weak, is assigned to the new account before the real password that the creator established. TEM v4.0 (and above) abides by the Password Bouncer/TEM strength rules for the initial temporary password and therefore does not have this restriction.
How can I get additional word lists?
Upgrading to the Enhanced Password Bouncer Editions (when available) will include all available wordlists from Avatier (including foreign languages). Alternatively, you may use the Custom Wordlist option in Password Bouncer to import any lists that are in the proper format.
Doesn't Windows 2000 solve password strength issues?
While Windows 2000 protects passwords better than native NT 4.0, it still has significant vulnerabilities and inflexibilities that Password Bouncer handles better. In most cases, Win2K is still susceptible to "dictionary" and "brute force" attacks and other tricks of the hacker trade, which Password Bouncer can protect you from.
Even if the Default Domain Policy for Password Complexity is enabled, it just requires that the password contain characters from any three of the following four lists: 0-9, A-Z, a-z, and/or a list of special keyboard characters. It does not support positional numeric or special characters, restrict repeating sequences, or check for palindromes (the same characters forward and backward, like "radar"), which can cut hacking time in half. For example, the password 1RaDaR1 would pass Win2K's complexity criteria if the minimum length is seven, but it would fail Password Bouncer's criteria on potentially several optional rules. At the very least, it would fail because it includes the word "radar", and optimally because it is a palindrome. If it takes Password Bouncer less than seven seconds to determine embedded words like this and other complexity rules, how fast do you think that hackers could determine your apparently strong password?
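The comparison above as an added example (not Avatier's code and not part of the original FAQ): a simplified Python model of the three-of-four rule as this answer describes it, next to embedded-word, palindrome and repeat checks. The function names, the four-word sample list and the repeat limit of two are assumptions made for illustration.

```python
import string
from itertools import groupby

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"radar", "password", "welcome", "summer"}

def passes_win2k_complexity(pw, min_len=7):
    """Three-of-four character-class rule, as the FAQ describes it."""
    classes = (string.digits, string.ascii_uppercase,
               string.ascii_lowercase, string.punctuation)
    hit = sum(any(c in cls for c in pw) for cls in classes)
    return len(pw) >= min_len and hit >= 3

def embedded_words(pw, words=SAMPLE_WORDS, min_word_len=4):
    """Dictionary words found anywhere inside the password, ignoring case."""
    folded = pw.lower()
    return sorted(w for w in words if len(w) >= min_word_len and w in folded)

def is_palindrome(pw):
    """True if the password reads the same in both directions, ignoring case."""
    folded = pw.lower()
    return len(folded) > 1 and folded == folded[::-1]

def longest_repeat_run(pw):
    """Length of the longest run of one character repeated back to back."""
    return max((len(list(g)) for _, g in groupby(pw.lower())), default=0)

def audit(pw, max_run=2):
    """Reasons a stricter filter would reject pw; an empty list means accept."""
    reasons = []
    if not passes_win2k_complexity(pw):
        reasons.append("fails three-of-four complexity")
    for word in embedded_words(pw):
        reasons.append(f"contains dictionary word '{word}'")
    if is_palindrome(pw):
        reasons.append("is a palindrome")
    if longest_repeat_run(pw) > max_run:  # max_run is an assumed policy value
        reasons.append(f"repeats a character more than {max_run} times")
    return reasons

if __name__ == "__main__":
    # Constructed sample passwords, including the FAQ's own 1RaDaR1.
    for candidate in ("1RaDaR1", "Summmer2000", "kV7#qubt9Lz"):
        print(candidate, passes_win2k_complexity(candidate), audit(candidate))
```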
Also, Win2k's Kerberos authentication has more secure protection from password "sniffing" than the traditional LAN Manager method used in other Microsoft operating systems, but it can only be implemented on networks where ALL machines are running Win2k (and Win9x with the Active Directory client) and all are in the same (or "trusting") domain. This scenario may not be a reality for most networks at this time.