Current implementations of password policies are static and restricted in scope by details that are manually defined by network administrators. These policies generally only check the probabilistic quality of the passwords that they are designed to address. However, the ability to select weak password formats still exists. In essence because of dynamically changing conditions within an enterprise, the administrators are left guessing as to which policies are secure enough for the enterprise and which other policies should be abandoned.
Moreover, typical password policy implementations only store a user's previous few passwords (usually the last two passwords) to make sure the user does not reuse them. This is not secure as a user can usually get around this limitation fairly easy to set the password to something the user likes. Moreover, in this scenario after three passwords, the user can revert back to an old password for reuse.
Password policy is usually something that an administrator plans and manually defines for an enterprise. Support for the password policy is manually adjusted on an as-needed basis by the administrator. This manual and ad-hoc approach does not account for the ever changing and chaotic environments associated with today's enterprises. This is especially problematic when intruders are constantly finding new ways to penetrate an enterprise's secure environment and damage or steal enterprise assets.
Thus, what is needed is a mechanism, which allows for improved password policy enforcement.