A single weak password can expose your entire network to an external or internal attack. Password harvesting is one of the easiest and most commonly exploited network security threats.
Network users often employ passwords that conform to standard complexity and length rules, but are based off of common dictionary terms. These passwords are easy to remember – and easy to break.
Performing periodic password audits can uncover weak passwords used within your organization and allow you to educate users on proper password utilization. An Active Directory password audit can show you who picks weak passwords before an attacker can exploit that weakness.
10-D Security uses a forensically sound and completely safe process to extract password hashes from the Active Directory database. This process uses no third-party tools like many other password auditing services, guaranteeing that your domain controllers remain online with no disruption of service or instability issues.
Our security lab has a high horsepower, state-of-the-art password cracking engine that was designed specifically for this task.
We are able to work with our clients to provide yearly or quarterly assessment engagements.
Password harvesting is one of the easiest and most commonly exploited network security threats.
The 10-D Security Difference
- Years of experience performing password audits in complex environments.
- Smart reports that deliver what you need to know, in an easy to read format.
- State-of-the-art-password-cracking-engine designed specifically for this task.
Who Benefits from a Password Audit?
This service applies to organizations:
- Focused on protecting customer information.
- Whose management values a proactive evaluation and the preemptive assurance this assessment will bring.
- Who have tried to educate end users about weak passwords but are getting resistance or lack of compliance.
The Scope of Work
The scope of our Password Audit is straight forward. All user password hashes will be collected from Active Directory and placed into our password cracking engine.
- Password cracking attempts vary depending on the assessment, but are usually kept to 24, 48 or 72 hours.
- Multiple methods of password cracking are utilized.