Auditing for Compromised Passwords

Password audits have become more difficult. New data breaches expose credentials every day. These are quickly fed into hackers’ cracking dictionaries, changing which passwords you need to keep out.

Verizon’s DBIR found 81% of data breaches were caused by compromised passwords, weak passwords, and reused passwords. Traditional algorithmic complexity rules are no longer considered a key factor in password strength. NIST password guidelines want you to screen for commonly used and compromised passwords as part of a password audit.

How can you determine the number of compromised, weak, and reused passwords being used in your organization today? How can you assess your risk from compromised credentials?

Enzoic offers a free password audit solution, Enzoic for Active Directory Lite, to help organizations quantify their risk from unsafe passwords in just a few minutes.

A Modern Password Audit

A modern password policy must screen for commonly used and compromised passwords.

Enzoic for Active Directory Lite applies this approach with a free password audit of your Active Directory. The audit checks your users’ passwords against Enzoic’s proprietary database of over 8 billion compromised passwords. If a match is found, it indicates that the plaintext password is already exposed and could be exploited by attackers.

Discovering Your Vulnerable Accounts

Enzoic’s password database is updated every day with the latest breaches and cracking dictionaries circulating on the dark web. This is done using a combination of human and automated intelligence.

This data is available for any organization with Windows Active Directory to freely use for their risk assessments.

Finding your vulnerable accounts begins by running Enzoic for Active Directory Lite from any 64-bit Windows client or server with a Domain Admin level account. There is no configuration or setup required.

Each user’s account is checked against Enzoic’s entire cloud database. This is done using a secure, partial hash comparison, so that full password hashes never leave your environment. The process is highly optimized, scanning several thousand users in just a few minutes.

The results identify individual user accounts that have:

  1. Compromised passwords found in data breaches circulated on the Internet
  2. Weak passwords found in cracking dictionaries used by hackers
  3. Reused passwords duplicated across your domain
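The partial-hash comparison described above, together with the compromised and reused checks from the results list, as an added illustration (not Enzoic’s code; the product’s actual hash function, prefix length and service API are not stated on this page, so SHA-1, a 5-character prefix and the `range_query` function are assumptions, and the breach set and sample domain are constructed):

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters of the hash sent to the lookup service (assumption)


def sha1_hex(password: str) -> str:
    # Illustrative hash choice; the page does not state which hash the product uses.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed stand-in for the cloud breach database: hashes of a few leaked passwords.
CONSTRUCTED_BREACH_DB = {sha1_hex(p) for p in ("password", "123456", "qwerty", "letmein", "Summer2023")}


def range_query(prefix: str) -> set[str]:
    """Service side of the partial-hash lookup: given only a hash prefix, return the
    suffixes of every breached hash that shares it. The service never sees the full hash."""
    prefix = prefix.lower()
    return {h[PREFIX_LEN:] for h in CONSTRUCTED_BREACH_DB if h.startswith(prefix)}


def is_compromised(password_hash: str, query=range_query) -> bool:
    """Client side: send the prefix, then finish the match locally on the returned suffixes."""
    password_hash = password_hash.lower()
    return password_hash[PREFIX_LEN:] in query(password_hash[:PREFIX_LEN])


def audit(accounts: dict[str, str], query=range_query) -> dict[str, list[str]]:
    """Flag each account as 'compromised' (hash present in the breach set) and/or 'reused'
    (same hash as another account in the domain). Input maps account name -> password hash."""
    by_hash = defaultdict(list)
    for name, h in accounts.items():
        by_hash[h.lower()].append(name)
    findings = {}
    for name, h in accounts.items():
        flags = []
        if is_compromised(h, query):
            flags.append("compromised")
        if len(by_hash[h.lower()]) > 1:
            flags.append("reused")
        findings[name] = flags
    return findings


if __name__ == "__main__":
    # Constructed sample domain: account -> hash of its (constructed) password.
    sample = {"alice": sha1_hex("Summer2023"), "bob": sha1_hex("Tr0ub4dor&3-unique"),
              "carol": sha1_hex("Tr0ub4dor&3-unique"), "dave": sha1_hex("qwerty")}
    for account, flags in audit(sample).items():
        print(f"{account}: {', '.join(flags) or 'ok'}")
```

A real audit would feed stored directory hashes into `audit` rather than hashing plaintexts, and a password found only in other accounts' history would be handled by the per-user checks discussed later on this page.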

The password audit results display a summary and exportable details listing the specific user accounts and their vulnerability status. The process should be repeated regularly since a password considered safe today can become vulnerable at any time.

Start today by understanding your risk with a password audit using Enzoic for Active Directory Lite.

Next Steps Against Compromised Passwords

As an audit tool, Enzoic for Active Directory Lite makes it easy for organizations to get a quick snapshot of their domain’s password security state against the latest breaches and cracking dictionaries. It provides a great baseline for assessing password vulnerability.

The next level of compromised credentials protection should consider:

  1. How to check passwords at creation/reset. Checking against the most current password database should be built into your Active Directory password policy.

  2. How to continuously monitor passwords. The process for identifying compromised passwords should not be time-based. Action should be triggered when any individual password becomes compromised.

  3. How to automate remediation. Appropriate notifications and actions to require a password reset should ideally be fully automated. This reduces the burden on IT staff and ensures timely, consistent risk mitigation.

  4. How to personalize blacklisted passwords. The blacklist should also take into account each user’s:
    • previous password selections
    • Active Directory fields such as username
    • various organization-specific words

Variations should also be blocked based on predictable transformations, substitutions, and appended values. These techniques thwart methods used by persistent attackers and also align with NIST guidelines. Organizations can address each of the above using the full Enzoic for Active Directory solution.