Active directory password audit by Make sure your passwords are reliable and resilient.

As technology advances, so do attackers’ abilities to infiltrate systems and unscramble passwords with even more speed and ease. Your passwords are there to protect your software, so make sure they are safe and strong with our active directory password audit.

Our custom password attack system utilises advanced attack techniques and in-house custom password rule sets to imitate attackers. From these results, provide you with a detailed report that identifies credential risks, so you can make the necessary changes to improve your organisation’s security and prevent serious attack.

How it works: Our tried & tested password audit process.

Impersonate a threat

Our unique Active Directory Password Audit attacks your passwords in the same way a threat actor would.’s experience in cyber security recognises the methods threat actors use to infiltrate passwords and these are replicated in the security audits.

Identify credential risks

After the attack has been simulated, your credential risks are identified and presented to you in a detailed report. This will clearly and concisely identify where credential risks lie in all areas of your organisation, allowing you to swiftly and effectively identify accounts at risk.

Increase & improve password security

From your report, we can work together to find ways to increase the strength of your organisational policy and overall security culture. Changing your passwords is just the start of a complete cyber security overhaul.

Measurable attack success rates

Our detailed reports include attack success rates broken down into timing metrics to highlight ease or difficulty of a successful attack. As well as this, standard and privileged accounts at risk are also itemised, so you are aware and can make changes where necessary.

Privileged account breakdown

Our password audit will highlight vulnerable accounts belonging to privileged groups within your network, allowing you to quickly identify and remove attack surfaces that could allow an attacker privileged access to your domain.

Past data breach discovery

As mentioned above, any email addresses and passwords present in past data breaches will be listed in addition to ones found in our Active Directory Password Audit. Also, weaknesses against the NIST SP 800-63B password standard will be highlighted so you can address any improvements that need to be made.

Password reuse & expiration

Dormant accounts, accounts with expired passwords and identification of password reuse are highlighted in your report, so you can address these issues with immediate effect. For assurance, we do not display any assessed passwords in our reports irrespective of whether attacks were successful or not.

Password policy analysis

Your password policies will be scrutinised to ensure they are secure and robust, as well as identify accounts in your organisation containing passwords that do not conform.

Increased resiliency to future attack

As a specialist cyber security consultancy, are here to help increase your resiliency to future attack. Our reports include statistics and results from our audit, but we also provide expert tailored advice to protect your future.

Here to help: Password Audit FAQs.

How quickly can you start?

Depending on your requirements, we can often start testing within 48 hours.

Do you offer managed service contracts?

Yes, we do. If, over an agreed period of time, you require a significant amount of testing and/or training, either ad-hoc or at regular intervals, we can help. We can set up a pool of testing days, training courses, or both, that can be used when you require them. Plus, our managed service contracts attract a discounted rate.

How quickly will I get the report?

After the password audit finishes, we will compile our report and get it back to you within five working days – but will always strive to get it to you sooner.