Forum Discussion

Fujitsu-Willem's avatar
Fujitsu-Willem
Copper Contributor
Dec 11, 2019

Global banned password list

Good afternoon All, 

 

I'm new to the MS Tech Community and I'm looking for an answer on a question related to "the Global banned password list". (https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad) 

 

My question is: is the solution language depended, in other words how effective will it be for a non english speaking country (Europe) 

 

Cheers,

 

Willem

    • eli1234's avatar
      eli1234
      Copper Contributor

      Unfortunately it seems to be "english only". It doesn't e.g. block different languages "January - December" and other common password compositions from local languages. I recommend each reader to e.g. check in you local language "June2021!" if that is accepted (with or without the exclamation mark, depending on how long your "june" is. This pattern is for instance a very common way by the users to "roll their password" forward every time they need to change the password. And since the custom passwords list can only contain 1000 words, you cannot start adding local dictionaries either. So good luck in making your "local language deployment" block commonly used passwords - it will not do that. It doesn't even require several components since the solution interprets most of the local language words as an "arbitrary string of letters" -> password policy met -> your AD password policy that requires 3 different character sets becomes more restricting.

Resources