Password Audits

How strong are the passwords that protect the mobile devices, email accounts, and network credentials at your company? If you don’t have a password policy, it’s likely that the strength of these logins vary widely from person to person, and you would benefit from a full audit.

During a password audit, we will help your organization make sure passwords are unique to each person and property, so in the event of a single breach the whole system isn’t compromised. For example, we might look at your Active Directory database and run it against password dictionaries to generate a bad list of passwords. We can help you develop policies for expiration and reuse, which can improve security and underscore the importance of selecting strong passwords among your staff. (During our penetration tests, we identify any passwords we were able to crack or obtain via phishing or social engineering, and we will make recommendations to improve password security.) We can also make sure the appropriate lockouts/timeouts are configured to prevent brute force attacks.

Additionally, we can help your organization take advantage of encrypted password databases like KeePass, LastPass, or 1Password. These programs enable teams to store passwords in a locked “vault” that is unlocked with a single strong password. Depending on your organization, this may be a viable alternative to remembering multiple strong passwords.