Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Global banned password list

Copper Contributor

Good afternoon All, 


I'm new to the MS Tech Community and I'm looking for an answer on a question related to "the Global banned password list". ( 


My question is: is the solution language depended, in other words how effective will it be for a non english speaking country (Europe) 





3 Replies

No, the solution is not language dependant. It simply does not let you have an easy password such as 'Password123' since it would not receive a high enough score and the phrase 'Password' is represented all around hash-dumps. For instance, I live in Sweden and it would not let me choose 'Sommar' (Swedish for summer).

Unfortunately it seems to be "english only". It doesn't e.g. block different languages "January - December" and other common password compositions from local languages. I recommend each reader to e.g. check in you local language "June2021!" if that is accepted (with or without the exclamation mark, depending on how long your "june" is. This pattern is for instance a very common way by the users to "roll their password" forward every time they need to change the password. And since the custom passwords list can only contain 1000 words, you cannot start adding local dictionaries either. So good luck in making your "local language deployment" block commonly used passwords - it will not do that. It doesn't even require several components since the solution interprets most of the local language words as an "arbitrary string of letters" -> password policy met -> your AD password policy that requires 3 different character sets becomes more restricting.