Passphrase Support

25 Upvotes


 May 09 2023
9 Comments (9 New)
Working on it

Please add support for passphrases on LAPS where we can use four words dash (-) separated. It makes supporting a device remotely way easier since the password cannot be copied and pasted over remote sessions in most cases. There is too much ambiguity on characters like “lower case L” “capital case i” and “pipe” and others. Thanks

Comments
Brass Contributor

I wonder where such a feature would pull its "dictionary" of possible words from and how that would work with different languages. If passphrases are not possible for these reasons, even something like a policy setting to exclude "lookalike" characters would be HUGE, since, like Jose said, that is a big pain point.

Microsoft

Thanks folks for raising this feedback item.

In my opinion, a properly done passphrase feature is quite a large work item. Ideally the "dictionary" would be hosted in Azure, and yes, would also support multiple languages. I would also think that an offline dictionary would be required for those on-premises devices that don't have LOS to Azure (believe it or not there are still such devices in the world). And many customers would likely want the ability to specify a custom dictionary, which would also be hosted in Azure, or maybe hosted in AD or on a sysvol share (in an encrypted format, fwiw). Lots of things to think about. This feature will likely not happen quickly - I am moving it to "Backlog" status.

Jay

Microsoft
Status changed to: In the backlog
 
Brass Contributor

I think we are overthinking here on all the possibilities of a version 5.0 of LAPS. As they say, let's not let the good become the enemy of the perfect. All the scenarios with custom and multi-language dictionaries and support for offline versions should be indeed considered, but I think adding a way of passphrase support (even if only English and only Azure AD supported) could be implemented soon and tested with despite putting this feature request under an epic that might never see daylight.

thanks

Copper Contributor

Oh yeah, that would be great, but I can also understand Jay's concerns and arguments.

Microsoft

To be fair, I am leaning more now towards @José Luiz Schenardie's perspective. Currently considering a basic passphrase feature that is English-only with the terms (dictionary) hard-coded into Windows. No changes needed on Azure - AAD wouldn't care, to them it's just a string that the device sends.

IMO that approach would meet a majority of customer needs in this space in the short term. Longer term, I can always add a super-fancy feature (localized, customizable, etc) down the road if necessary.
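
An added illustration, not part of the thread and not Microsoft's implementation: a sketch of the approach discussed above (words drawn from a dictionary hard-coded into the generator, joined with dashes), next to the lookalike-free password alternative raised earlier. The 32-word list, the function names and the extra excluded characters 0, O and 1 are assumptions; the entropy figures show that the dictionary size, not its secrecy, carries the security.

```python
import math
import secrets

# Constructed 32-word sample list (assumption). A real dictionary needs
# thousands of words; the thread does not say which list Windows uses.
SAMPLE_WORDS = (
    "amber anchor barrel candle cedar copper dragon ember "
    "falcon garden harbor island jacket kettle lantern maple "
    "meadow nickel orchid pepper quartz ribbon saddle timber "
    "tunnel velvet walnut willow yonder zipper breeze pillow"
).split()

# Characters the thread calls hard to read aloud (l, I, |), plus 0/O/1,
# which are added here as an assumption.
LOOKALIKES = set("lI|O01")
READABLE = [c for c in
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
            if c not in LOOKALIKES]

def make_passphrase(words=SAMPLE_WORDS, count=4, sep="-"):
    """Pick `count` words uniformly with a CSPRNG and join them with `sep`."""
    if len(set(words)) != len(words):
        raise ValueError("dictionary contains duplicate words")
    if any(sep in w for w in words):
        raise ValueError("separator must not appear inside a word")
    return sep.join(secrets.choice(words) for _ in range(count))

def make_readable_password(length=14):
    """Random password that avoids the lookalike characters."""
    return "".join(secrets.choice(READABLE) for _ in range(length))

def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    # The word list is assumed public, so strength comes only from its size.
    print(make_passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits")
    print("4 words, 7776-word list:", f"{entropy_bits(7776, 4):.1f} bits")
    print(make_readable_password(), f"{entropy_bits(len(READABLE), 14):.1f} bits")
```

Four words from the 32-word sample give only 20 bits; the same four words from a 7776-word list (the size of a Diceware list) give about 51.7 bits, which is why the size of a built-in dictionary matters.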

Brass Contributor

That would be great Jay. As I said a middle term solution with low development impact.

thanks for considering. :)

Microsoft

@José Luiz Schenardie,

Please check out the new Windows LAPS passphrase support (and other new features!) that dropped in today's 26040 Canary build:

Announcing Windows 11 Insider Preview Build 26040 (Canary Channel)

I am actively seeking feedback on all of these features, just lmk

Jay

Microsoft
Status changed to: Working on it