KnowBe4 Releases Weak Password Test

(Jessica) #1

I was happy to see the topic of password safety popping up here a few weeks ago. Our Dev Team has released a free tool that checks your Active Directory for 10 types of weak password related threats like Weak, Duplicate, Empty, Never Expires, etc. This takes about 5 minutes and will give you great insight into the effectiveness of your password policies (it includes pretty reporting) so you can do something about it!

The requirements are: Active Directory, Windows 7 or higher (32 or 64bit)

Start your test from here:

(Chris Nichols) #2

I have used this tool and found some issues that I was not aware of. Good job!

(Chuck Benslay) #3

I am wondering how this tool checks for weak passwords? I understand how it can check for duplicates, empty and never expires. I’m sure the passwords aren’t unencrypted… are they?

Just trying to determine how it works so I can present it to management.

(Jessica) #5

Hi Chuck,

You’re correct, the Active Directory passwords are stored encrypted. The way Weak Password Test checks for “weak” passwords is by hashing a table containing common passwords & passwords that have been exposed by data breaches using the same hashing algorithm as your Active Directory (over 11 million passwords in total).

We then compare those 11M + hashes against the hashes of your users’ passwords in Active Directory, and if the hashes match, then we note that user account is using a “weak password”.

Let me know if you need more info!
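
The comparison described in the reply above, as an added example that is not part of the original post and is not KnowBe4's code: the wordlist is hashed once, and each account hash is then checked by lookup, which works because the stored hashes are unsalted. SHA-256 stands in for the directory's algorithm, and the function names, wordlist and accounts are constructed for illustration.

```python
import hashlib
from collections import defaultdict


def unsalted_hash(password: str) -> str:
    # Assumption: SHA-256 stands in for the directory's own algorithm.
    # The audit logic only needs the hash to be unsalted and deterministic.
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def audit(account_hashes: dict, wordlist: list) -> dict:
    """Flag accounts whose stored hash is empty, on the wordlist, or shared."""
    # Hash the wordlist once; every account check is then a set lookup.
    weak_hashes = {unsalted_hash(word) for word in wordlist}
    empty_hash = unsalted_hash("")

    # Group accounts by hash: identical unsalted hashes mean identical passwords.
    by_hash = defaultdict(list)
    for user, stored in account_hashes.items():
        by_hash[stored.lower()].append(user)

    report = {"empty": [], "weak": [], "duplicate": []}
    for stored, users in by_hash.items():
        if stored == empty_hash:
            report["empty"].extend(users)
        elif stored in weak_hashes:
            report["weak"].extend(users)
        if len(users) > 1:
            report["duplicate"].append(sorted(users))
    report["empty"].sort()
    report["weak"].sort()
    report["duplicate"].sort()
    # Only account names are reported; no plaintext is recovered or stored.
    return report


# Constructed sample data (not real accounts or real directory hashes).
SAMPLE_WORDLIST = ["Password1", "Summer2024!", "qwerty123"]
SAMPLE_ACCOUNTS = {
    "alice": unsalted_hash("Password1"),       # on the wordlist
    "bob": unsalted_hash("x7#Lq9!vRt2@mK"),    # not listed, shared with dave
    "carol": unsalted_hash(""),                # empty password
    "dave": unsalted_hash("x7#Lq9!vRt2@mK"),
    "erin": unsalted_hash("PASSWORD1"),        # case differs, so no match
}

if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS, SAMPLE_WORDLIST))
```

The `erin` account shows the limit of this check: a match requires the exact string to be on the list, so a password that is absent from the list is not thereby shown to be strong.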

(Chuck Benslay) #6

THAT makes perfect sense.