Common-password dictionary

Content Platform S Series Node Help

Version
4.0.0
Audience
anonymous
Part Number
MK-HCPS027-02

The common-password dictionary consists of a set of terms that are likely to be used as passwords (for example, password, Qwerty, or 12345678). While the option to block common passwords is enabled, the S Series Node rejects new passwords that match any of the terms in the dictionary.

Dictionary terms

A dictionary term is a text string consisting of at most 64 UTF-8 characters. This value does not include the delimiter at the end of the term.

The comparison between a new password for a user account and the terms in the common-password dictionary is case insensitive. For example, the passwords HitachiVantara123!, Hitachivantara123!, hitachivantara123!, and hitaCHIvanTARA123! all match the term HitachiVantara123!.

To be the same, the specified password and the dictionary term must contain exactly the same sequence of case-insensitive letters, numbers, special characters, and white space. For example, the password HitachiVantara123! does not match the terms HitachiVantara, Hitachi Vantara123!, 123hitachivantara!, or HitachiVantaraLLC123!.

Dictionary management

Initially, the common-password dictionary is empty. To populate the dictionary, you upload a .txt file containing the terms you want to block from being used as passwords. If the dictionary is not empty when you upload the file, the terms in that file replace the current contents of the dictionary.

The S Series Node treats new-line characters in the uploaded file as term delimiters. Special characters, including commas, spaces, and other white-space characters are treated as part of the delimited terms.

Uploading a file in which any terms contain non-UTF-8 characters can have an unpredictable effect on the dictionary.

The S Series Node stores the name of the most recently uploaded file used to populate the common-password dictionary, the date and time the file upload finished, and the file size. The maximum size for a file containing dictionary terms is 104,857,600 bytes. This size includes the new-line delimiter characters.

You cannot modify the contents of the common-password dictionary directly on the S Series Node. Instead, to add or remove terms from the dictionary, download the dictionary contents to a file, modify the file, and then upload the modified file. Downloading the dictionary contents does not remove the contents from the S Series Node.

Tip: If you still have the most recently uploaded file used to populate the common-password dictionary, you don't need to download the contents of the dictionary. Instead, you can modify and upload the file you already have.

Using the HCP S Series management API, you can delete the contents of the common password dictionary. Deleting the dictionary contents leaves the dictionary completely empty. Deleting the contents also removes the record of the most recently uploaded file used to populate the dictionary.

Tip: To allow the use of common passwords, instead of deleting the contents of the common-password dictionary, disable the option to block common passwords. That way, if you decide to re-enable that option, the dictionary contents are still present on the S Series Node.

If you have the security role, you can use the HCP S Series Management Console or management API to work with the common-password dictionary.

To work with the common-password dictionary in the Management Console, go to Configuration > Security.