A single weak password can expose your entire network to an external or internal attack. Password harvesting is one of the easiest and most commonly exploited network security threats.
Network users often employ passwords that conform to standard complexity and length rules but are based off of common dictionary terms. These passwords are easy to remember – and easy to break.
Our Password Audit can uncover weak passwords used within your institution and allow you to educate users on proper password utilization. An active directory password audit can show you who picks weak passwords before an attacker can exploit that weakness.
We use a forensically sound and completely safe process to extract password hashes from the active directory database. We do not use third-party tools like many other password auditing services, guaranteeing that your domain controllers remain online with no disruption of service or instability issues.
Our security lab has a high horsepower, state-of-the-art password cracking engine that was designed specifically for this task.
We provide yearly or quarterly assessment engagements.
- All user password hashes will be collected from active directory and placed into our password cracking engine.
- Password cracking attempts vary depending on the assessment, but are usually kept to 24, 48 or 72 hours.
- Multiple methods of password cracking are utilized.
The 10-D Security Difference
- We have years of experience performing password audits in complex environments.
- Our smart reports deliver what you need to know, in an easy to read format.
- Our state-of-the-art-password-cracking-engine is designed specifically for this task.
You would benefit from a 10-D
Password Audit if
- You are focused on protecting customer information.
- Your management values a proactive evaluation and the preemptive assurance this assessment will bring.
- You have tried to educate end users about weak passwords but are getting resistance or lack of compliance.