Active Directory Password Security Analysis

W!nter2024$ meets your password complexity policy.

Weak passwords give attackers an extremely easy entry point into your IT environment. Often, major breaches are caused by a single user selecting a guessable or weak password. Even worse, obtaining clear visibility into the passwords your users are selecting is not a simple task without expensive third-party tools. Organizations often think that MFA will prevent a breach after user credentials are compromised, but our experience shows weaknesses and gaps in MFA deployment still widely exist.

Our Active Directory Password Security Analysis service allows you to discover environment-specific trends and get a true handle on the credentials in use for your environment. Instead of playing “whack-a-mole” with weak user passwords as they’re discovered, obtain a bird’s-eye view of all crackable passwords in the environment and discover realistic, actionable changes that can be implemented to prevent them in the future.

We have invested extensive time and effort into our dedicated password-cracking hardware, as well as into the dictionaries, cracking rules, and conditions for applying those rules. It rivals or exceeds the capabilities that many threat actors and other firms can provide. The Depth Active Directory Password Review service not only provides you with information-rich reporting about your users’ password selection habits, but also provides executive-, manager-, and engineer-specific reports so that impact can be portrayed to any major stakeholders in the organization.

Benefits of an AD Password Security Analysis

  • Identify users selecting predictable passwords such as SeasonYear (Winter24!) or CompanyYear (Hospital24$)
  • Locate high-privilege domain accounts whose passwords do not stand up to serious offline cracking
  • Find repeat IT offenders responsible for building systems who repeatedly use the same password (W3!come1) or password format on accounts they create
  • Flexible deliverables include full user/cracked password combos or simply known weak users, including the reasons their passwords were determined weak
  • Find accounts that include legacy weak LM hashes
  • Methodology includes the curation of custom, client-targeted seed words
  • Statistics on cracking efforts:
    • Most re-used passwords in your organization
    • Percentage cracked
    • Percentage unique
    • Shortest & longest passwords cracked
    • Counts of passwords containing a season, year, local sports teams, and custom client terms
    • Password length distribution
    • LM hash count