Password Dictionary

The password dictionary is a text file that contains words that cannot be used as passwords. When an administrator or user creates or changes a user’s password, the password is validated against the password dictionary. If the new password matches any words found in the password dictionary, the password is not accepted.

You associate the password dictionary with each security domain through the security domain password policy, using the Exclude Words Dictionary field. If you do not select the password dictionary, the security domain does not validate passwords against it, even if a password dictionary is installed. For more information,see Password Policy.

Add a Password Dictionary

A password dictionary is a text file that contains words that cannot be used as passwords. You can import a password dictionary.

Before you begin 

Create a password dictionary. Create a text file and enter each dictionary entry on a separate line. When you save the file, verify that the file is smaller than 200 MB.

Procedure 

1. In the Security Console, click Setup > System Settings.

2. Under Authentication Settings, click Password Dictionary.

3. Under Password Dictionary, make sure that the status is No password dictionary found. If the status is Password dictionary imported, you must first delete the existing password dictionary before adding a new one. For instructions, see Delete a Password Dictionary.

4. In the Password Dictionary Name list, click Import Password Dictionary File.

5. Under Password Dictionary Basics, enter the name of the password dictionary that you are importing in the Password Dictionary Name field.

6. Under Password Dictionary File, browse to the password dictionary file that you are importing.

7. When prompted, select the password dictionary filename, and click Open.

8. Click Import File.

   The import process can take several minutes.

9. Click Update Status to refresh. When the status shows Password dictionary imported, the name of the new password dictionary is displayed in the Password Dictionary Name list.

10. Click Done.

Export a Password Dictionary

When an administrator or user creates or changes a user's password, the password is validated against the password dictionary. If the new password matches any words found in the password dictionary, the password is not accepted.

To make a copy of the password dictionary for your deployment, export the dictionary.

Before you begin 

Verify that the password dictionary file is smaller than 200 MB.

Procedure 

1. In the Security Console, click Setup > System Settings.

2. Click Password Dictionary.

3. Click the password dictionary that you want to export, and select Export Dictionary File.

4. Save the dictionary file.

Delete a Password Dictionary

Your deployment supports one password dictionary. To change password dictionaries, or to remove a dictionary that is not in use, delete the password dictionary.

Before you begin 

Verify whether the password dictionary you want to delete is in use. Check the Exclude Words Dictionary field for each security domain password policy. For more information, see Password Policy.

Procedure 

1. In the Security Console, click Setup > System Settings.

2. Click Password Dictionary.

3. Click the password dictionary that you want to delete, and select Delete.

4. Click OK to confirm the deletion.