PASSWORD.AUDIT

We’ve all been told at some point to create a password that meets a minimum length and mixes alphanumeric characters and symbols, but we often don’t know how resilient our passwords are to attack.

For the foreseeable future, or until we’re all harnessing quantum computing power, passwords will more than likely form part of our everyday lives for authentication. Modern hardware has given attackers a platform on which they can attempt to break passwords at blistering speeds. If a hacker is able to establish a position where they can attack your passwords, the robustness of your password policies, in conjunction with your employees’ password awareness, will dictate how successful the attacker will be.

Our Approach

We provide a unique auditing service where we analyse and review how resilient your passwords are. Using our custom offsite cracking rig, along with advanced techniques and password rule sets built in-house, we will attempt to break your passwords just as an attacker would.

Depending on your requirements we can test the resiliency of…

  • Workstation and server logon passwords
  • Internal and external application passwords
  • Database passwords
  • Various network device passwords

Following the assessment, you will be provided with a detailed report outlining statistics on the security posture of your organisation’s passwords. The report will never display any assessed passwords (clear text or otherwise), irrespective of a successful or unsuccessful attack.

The report will include the following statistics:

  • The number of passwords successfully attacked
  • Length and complexity statistics
  • Timing calculations for successful attacks, including baseline effort estimates for opportunistic and determined threat actors to obtain clear text values
  • Breakdowns of the numbers of passwords most at risk of compromise
  • Whether your passwords have been identified in past data breaches

Our report also provides remedial actions derived from a combination of our expertise in password attacks and National Institute of Standards and Technology (NIST) guidance on password security.

For further information on the engagement specifics, please contact a member of the in.security technical team.

Why choose a password audit?

  • A password audit will help develop your organisation’s password policy and cyber awareness culture so that they are strengthened moving forwards
  • Passwords that have been identified in past data breaches can be used to shape how your organisation educates users on, and enforces, the choosing of future passwords
  • Works in conjunction with our in.security Awareness Training course, which has a module focused on password attacks, management and how to proactively address password security