Breached Password Testing Tool Launched by KnowBe4

Data breaches are occurring every day and many result in the theft of passwords. Since many individuals reuse or recycle passwords, if a password is obtained through a data breach it can be used to access multiple platforms, including work accounts.  It doesn’t matter how many capital letters, digits, or special characters are in that password. If it is compromised in a data breach the strength of the password is irrelevant.

Companies can set password policies which will help to improve password security, but compromised passwords remain a major risk. To help companies assess password vulnerabilities such as this, KnowBe4 has released a new breached password tool. The tool can be used by companies to check what passwords currently in use have been compromised, allowing them to take action to prevent those passwords from being misused.

The importance of checking for breached passwords cannot be overstated. The Verizon 2018 Data Breach Investigations report suggests that 81% of data breaches result from breached passwords.

The new breached password tool, which is free to use, uses current passwords associated with all domains listed within Active Directory and will compare those passwords against a database of almost two billion confirmed breached passwords to see if there is a match. A report will then be generated and sent to the IT department to allow at-risk accounts to have passwords reset.

The password tool enables companies to act on advice from the National Institute of Standards and Technology (NIST) and check all passwords against lists of passwords known to have been compromised in past data breaches.

“IT security professionals are often forced to use very time-consuming manual methods of searching out password breach lists to find compromised passwords in their network,” said Stu Sjouwerman, CEO, KnowBe4. “Having a free tool like the Breached Password Test goes a step beyond typical password policies to help administrators ultimately protect their infrastructures, networks and systems.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news