[KB8096] Password Policy in ESET Endpoint Encryption

Issue

ESET Endpoint Encryption Client and ESET Endpoint Encryption Client Server are separate products from ESET Full Disk Encryption

The article below applies only to the ESET Endpoint Encryption Client or ESET Endpoint Encryption Server and not ESET Full Disk Encryption.

Visit ESET Full Disk Encryption support to view ESET Full Disk Encryption content.

Details

If a workstation is managed by an ESET Endpoint Encryption (EEE) Server, the administrators can specify the requirements of passwords set up by users. This enables them to ensure that only secure passwords are used and that security compliance is met.

The Password Policy is specified as part of the Group Policy within the EEE Server. To change the password quality settings, modify the Group policy and update the Password Policy.

Solution

Key-File and Encrypted Container passwords

When ESET Endpoint Encryption prompts the user to create a password, the progress bar turns from red to green as the user types. This indicates the progress towards meeting the password requirements. The password meets the password policy when the progress bar is completed and green.

If the user hovers the mouse pointer over the Password Policy bar, a tooltip dialog will appear. It shows the details of the policy requirements and which of those requirements have been reached by the current entry (it displays "OK" below the requirement that has been met). See the examples below.

  • Password Policy has not been met:
Figure 1-1
  • Password Policy has been met:
Figure 1-2

Full Disk Encryption passwords

When the user creates a Full Disk Encryption password within the EEE Server, the Password Policy is enforced at the point of starting encryption. If the policy has not been met, the encryption wizard will not progress and a red circle with an exclamation point will appear next to the Password field. If the user hovers their mouse pointer over the exclamation point icon, a tooltip dialog with requirements details will appear. See the example below:

Figure 1-3
Password Policy modifications

Ensure that a Password Policy is decided upon before deploying Full Disk Encryption. A Password Policy applied for Full Disk Encryption login is set at the time when the encryption begins on the Workstation. Modifications to the Password Policy when the encryption has been initiated will not apply to Full Disk Encryption password changes.

The Password Policy affects the quality of generated recovery login passwords which are used if a user forgets their Full Disk Encryption password. The interface for this process includes a password quality bar (located at the bottom of the Password field) but it does not include a mouse hover option. Reset a Managed User Full Disk Encryption password.

Figure 1-4

Chat with ESET AI Advisor for support