Password Strength Review
Using specialist hardware specifically designed for password cracking, Insomnia Security is able to conduct a password strength review of an organisations stored passwords, including Active Directory. This assists in the identification of insecure passwords, bad password patterns, and other password weaknesses.
During the initial stages of the review, an extraction method is utilised to replicate and capture the necessary data from a domain controller or other password store. This is then passed through a number of rounds of password cracking attempts, using a combination of word lists, permutation, and brute force techniques.
The outcome of the password cracking is then analysed, allowing our team to produce a meaningful report that highlights weakness in the current passwords, as well as from users' password history.
Some of the potential findings as an outcome of this review are:
- Weak passwords
- Mapping of password length
- Common words used in passwords
- Service account password strength
- Common passwords across different users
- Password reuse across privileged accounts
During the review it is also possible to validate user account attributes and configurations, where that data is available, such as the amount of time since a password change, members of a particular user group, and accounts that are not in use.