Active Directory Password Audit

The Authlogics Active Directory Password Audit service is for CISO’s and network administrators who, for compliance and security reasons, need to know how vulnerable their network is to password-based attacks and want a thorough report detailing the risks and issues. An Authlogics Active Directory Password Audit is a quick and non-intrusive process that checks for previously breached and shared passwords and highlights compliance issues against the NIST SP 800-63B password policy standard.

Unlike traditional penetration testing tools which can take 3-5 days attempting to brute force only the simplest of passwords on a subset of accounts, our solution examines every single user account, regardless of how long or complex the password is, to provide an accurate compliance report in under an hour.

  • Takes minutes, not days
  • Audit and Risk report
  • Lists users using AD passwords on other sites
  • Finds accounts sharing the same password
  • Passwords & hashes never leave the network
  • Per user spreadsheet breakdown
  • Read-only with no downtime of AD servers
  • Can be run remotely

How does the audit work?

The audit is performed by simply running our audit tool on a PC on your network. The audit tool will read the AD password hash data from all existing user accounts and then compare them to data stored in our Authlogics Password Breach Database of over 520 million breached passwords to determine which accounts are currently using a known breached password. This process is extremely quick compared to traditional password audit methods as no brute forcing of hashes is required. The audit can be run remotely with your full visibility, or one of our partners may be able to perform the audit on site.

The tool will also look for possible external email address matches per user where the same breached password has been used. This is useful to highlight users who use their AD password on other websites and external systems which is a very risky practice.

A very common problem with AD passwords is that people share them even though the company policy prohibits it. This behaviour significantly lowers accountability which is required for most compliance legislation. We also often find that some administrators use the same password on their admin account as their day to day account, which goes against best security practice. The audit tool will also locate these accounts.

Your passwords and their hashes are kept private at all times as they never leave your network. The audit tool uses K-anonymity technology, sending only the first 6 of the 32 character password hash to our Password Breach Database, when looking up results. That way we never know which password you are looking up.

The audit tool will generate a few spreadsheets detailing per user results with which you are able to action problems found. A full PDF audit report with risk analysis will also be generated and sent you afterwards.

Book an audit today

Fill in your details and a member of our team will get in touch with you to answer any questions you may have and to book an audit time slot.

To perform an Active Directory password audit you will require the following:

  • Domain Administrator credentials
  • A Domain-joined Windows PC with .NET 4.6.2
  • Internet connectivity
Name*
Telephone*
Email*