Skip to main content

Password Dictionary

Use this API to implement password dictionary functionality. With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords.

A password dictionary is a list of words or characters that users are prevented from including in their passwords. This can help protect users from themselves and force them to create passwords that are not easy to break.

A password dictionary must meet the following requirements to for the API to handle them correctly:

  • It must be in .txt format.

  • All characters must be UTF-8 characters.

  • Each line must contain a single word or character with no spaces or whitespace characters.

  • It must contain at least one line other than the locale string.

  • Each line must not exceed 128 characters.

  • The file must not exceed 2500 lines.

Administrators should also consider the following when they create their dictionaries:

  • Lines starting with a # represent comments.

  • All words in the password dictionary are case-insensitive. For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord.

  • The dictionary uses substring matching. For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring. Users can then select 'Change Password' to update their passwords.

Administrators must do the following to create a password dictionary:

  • Create the text file that will contain the prohibited password values.

  • If the dictionary is not in English, they must add a locale string to the top line: locale:languageCode_countryCode

The languageCode value refers to the language's 2-letter ISO 639-1 code. The countryCode value refers to the country's 2-letter ISO 3166-1 code.

Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes.

  • Upload the .txt file to Identity Security Cloud with Update Password Dictionary. Uploading a new file always overwrites the previous dictionary file.

Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it.

Refer to Configuring Advanced Password Management Options for more information about password dictionaries.