Just because users are not creating obvious passwords such as "Password123" does not mean they are not using passwords that could be easily cracked. Users will often create context-specific passwords that are highly predictable. For instance, cybercriminals are aware that users often select passwords that are unique to their local area. Examples include local sports teams, geographic locations, local tourist attractions, etc. To combat this, Enzoic provides a Custom Dictionary that allows you to input common passwords that are easy to anticipate in various contexts. We also suggest adding your company name as a best practice. The Custom Dictionary can hold up to 5,000 words and includes the following features (I'll use Enzoic as the example):
- Case Insensitive
Screening handles entries without regard to upper and lower case. This means that not only would the word "enzoic" be blocked, but so would "Enzoic", "EnZoIC", or any other combination of lower and upper case.
- Contains Search
Screening considers passwords that contain entries in the Custom Dictionary. For example, if the word "enzoic" is in the Dictionary, variants such as "Enzoic123!" or "Work@enzoic" would also be blocked.
- Fuzzy Password Matching
If fuzzy matching is enabled, screening will also consider reverse spellings and leetspeak substitutions of entries. So again, if "enzoic" is in the Dictionary, variants like "Ciozne" and "Enz0!c" would also be blocked.
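
A minimal sketch of the three matching behaviours listed above, added here as an illustration. It is not Enzoic's implementation; the leetspeak map, the function names and the second dictionary entry are assumptions made for the example.

```python
# Illustrative custom-dictionary screen (assumed logic, not Enzoic's code).
# Leetspeak map is an assumption: each symbol lists the letters it may stand for.
LEET = {"0": "o", "1": "il", "!": "il", "|": "il", "3": "e",
        "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"}

def _candidates(ch, fuzzy):
    """Letters a password character may represent (case-insensitive)."""
    ch = ch.lower()
    return ch + LEET.get(ch, "") if fuzzy else ch

def _contains(password, entry, fuzzy):
    """Contains search: slide the entry over the password, char by char."""
    cands = [_candidates(c, fuzzy) for c in password]
    n = len(entry)
    return any(all(entry[j] in cands[i + j] for j in range(n))
               for i in range(len(cands) - n + 1))

def screen(password, dictionary, fuzzy=True):
    """Return the dictionary entry that blocks the password, or None."""
    forms = [password, password[::-1]] if fuzzy else [password]
    for raw in dictionary:
        entry = raw.strip().lower()
        if not entry:
            continue  # an empty entry would match every password
        if any(_contains(f, entry, fuzzy) for f in forms):
            return entry
    return None

if __name__ == "__main__":
    # "enzoic" is the page's example; "riverdale" is a constructed local term.
    words = ["enzoic", "riverdale"]
    for pw in ["EnZoIC", "Enzoic123!", "Work@enzoic", "Ciozne",
               "Enz0!c", "R1verd4le#2024", "Tr0ub4dor&3"]:
        hit = screen(pw, words)
        print(f"{pw!r}: {'blocked by ' + hit if hit else 'allowed'}")
```

Mapping an ambiguous symbol such as "1" to several letters lets one pass over the password cover every substitution without expanding all variants.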
Continuous monitoring can be configured by navigating to the Settings -> Custom Password Dictionary tab after you install the product.