JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Password Requirements



A common tactic that IT admins use to increase the security of their user accounts is to create password requirements. The theory is that more complex passwords are harder for password cracking applications to break.

Sounds straightforward, right? But there is a great deal of debate in the Identity Management world as to whether increasing the complexity or the length of a password actually makes a difference.

Debate on the Importance of Password Complexity

Some will tell you that worrying about those issues isn’t going to make a significant difference. Most hacks don’t really involve people or systems “guessing” a user’s password. Rather, they infiltrate a network and grab the password database. Then they go to work reversing the passwords. In this model, password complexity is a moot point.

Advocates for more complex passwords will say that the more complex the passwords are, the harder it is for users to be compromised. Still, this can ultimately lead to hackers “grabbing” the password file.

An All-Encompassing Solution

Whichever side of the coin you are on, you’ll have the option of employing a variety of different password requirements through JumpCloud’s Directory-as-a-Service®. We go well beyond password length and complexity. JumpCloud’s cloud-based directory service connects users to the IT resources that users need.

Various IT Needs

IT resources can include applications, devices, and networks. IT resources can live on-premises or in the cloud and be a variety of different platforms. When connecting those users to their IT resources, the connection of course involves a username and password. Occasionally the connection can be SSH keys which are even stronger than passwords!

The DaaS Password Solution

Through JumpCloud’s Directory-as-a-Service, IT admins can specify a number of password requirements.

Of course, there are length and complexity requirements, which as we outline above have differing opinions within the industry.

We also add a number of other critical requirements that serve to greatly enhance security. One is a setting on password reuse. Perhaps one of the most underappreciated ways of increasing security, limiting the previous passwords that can be used helps drive unique passwords across personal and professional services.

When combined with password rotation – also a JumpCloud DaaS password setting – users are effectively forced to have unique passwords. JumpCloud’s password requirements also include the ability to limit password resets and also set the number of failed logins.

Password Management and JumpCloud

data security breach

Password requirements can play a significant role in security. JumpCloud helps in a major way by giving organizations the power to implement regulations over password complexity and re-use.

These fall in line with mandatory requirements in compliance activities. Virtually all major security regulations will contain a number of password requirement controls. For example, PCI Section 8 requires at least 7 characters and an alphabetic character and numeric one as part of their requirements.

If you would like to learn how JumpCloud’s Directory-as-a-Service can help address your password complexity requirements, drop us a note or give JumpCloud a try. It is free forever for 10 users.


Recent Posts
Before purchasing a subscription to Azure’s top pricing tier, it’s important to understand what benefits and drawbacks AAD Premium P2 offers.

Blog

Understanding Azure AD’s Premium P2 Tier

Before purchasing a subscription to Azure’s top pricing tier, it’s important to understand what benefits and drawbacks AAD Premium P2 offers.

With IT budgets decreasing in 2020, some organizations need cost-effective system management. Try free MDM functionality here.

Blog

Free MDM

With IT budgets decreasing in 2020, some organizations need cost-effective system management. Try free MDM functionality here.

Learn how to prevent phishing attempts, protect Microsoft 365 identities, and make password changes easier for users. Try JumpCloud free.

Blog

Prevent Phishing of Microsoft 365 Identities

Learn how to prevent phishing attempts, protect Microsoft 365 identities, and make password changes easier for users. Try JumpCloud free.