Anti-phishing solution provider KnowBe4 has released a weak password test tool that can be used by organizations to assess threats related to the use of weak passwords.
Weak passwords are often cited as one of the main ways cybercriminals gain access to business networks. Weak passwords can be easily guessed and provide little resistance to brute force attacks. A recent study conducted by Verizon showed that 81% of hacking-related data breaches were made possible by the use of weak passwords.
KnowBe4 CEO Stu Sjouwerman explained that “Using a weak password is an open-door invitation to cybercriminals.”
While it is common knowledge that strong passwords should be used to secure accounts, end users often ignore advice and choose easy-to-remember passwords.
IT security professionals are well aware that employees often choose their passwords poorly. Password policies are therefore introduced to prevent weak passwords from being used. However, password policies are not always effective.
The new weak password test tool allows IT security professionals to conduct a scan to identify whether any weak passwords have been selected by end users. The weak password test tool checks for common passwords, dictionary words, passwords used on multiple accounts, blank passwords, accounts that do not have password authentication and passwords that are set to never expire.
The weak password test tool also checks for accounts that use a LAN Manager hash for stored passwords, missing AES keys, Kerberos DES-Only accounts and accounts that do not encrypt authentication requests.
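Several of the account-level conditions listed above are visible in each Active Directory account's userAccountControl attribute, so they can be audited from an offline export without touching any password. The following is an added example, not KnowBe4's tool or code: the bit values are Microsoft's documented userAccountControl flags, while the mapping from the article's wording to those flags, the function names and the sample rows are assumptions constructed for illustration. Checks that need hash or key material (common or shared passwords, LAN Manager hashes, missing AES keys) are outside its scope.

```python
# Added example: flag risky userAccountControl bits in an offline AD export.
# Bit values are from Microsoft's userAccountControl documentation; which
# check in the article each bit corresponds to is an assumption.
ACCOUNTDISABLE = 0x00000002
RISKY_FLAGS = {
    0x00000020: "password not required (PASSWD_NOTREQD)",
    0x00010000: "password never expires (DONT_EXPIRE_PASSWORD)",
    0x00200000: "Kerberos DES-only (USE_DES_KEY_ONLY)",
    0x00400000: "Kerberos pre-auth not required (DONT_REQ_PREAUTH)",
}

# Constructed sample rows: (sAMAccountName, userAccountControl as exported).
SAMPLE_EXPORT = [
    ("alice", "512"),           # normal account, nothing to report
    ("svc-backup", "66048"),    # 512 + 0x10000
    ("legacy-app", "2097664"),  # 512 + 0x200000
    ("kiosk", "544"),           # 512 + 0x20
    ("old-admin", "66050"),     # disabled account with 0x10000 set
    ("svc-sql", "4260352"),     # 512 + 0x10000 + 0x400000
    ("broken-row", ""),         # malformed export line
]

def risky_flags(uac):
    """Return the labels of every risky bit set in one integer UAC value."""
    return [label for bit, label in RISKY_FLAGS.items() if uac & bit]

def audit_export(rows, include_disabled=False):
    """Map account name -> risky flags; also return names that failed to parse."""
    findings, skipped = {}, []
    for name, raw in rows:
        try:
            uac = int(str(raw).strip(), 0)  # accepts decimal or 0x-prefixed hex
        except ValueError:
            skipped.append(name)            # surface bad rows, do not hide them
            continue
        if uac & ACCOUNTDISABLE and not include_disabled:
            continue                        # disabled accounts cannot log on
        flags = risky_flags(uac)
        if flags:
            findings[name] = flags
    return findings, skipped

if __name__ == "__main__":
    found, bad = audit_export(SAMPLE_EXPORT)
    for account, flags in sorted(found.items()):
        print(f"{account}: {'; '.join(flags)}")
    print("unparsed rows:", bad)
```

The report contains account names and flag labels only, never credential material.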
KnowBe4’s weak password test tool has been made available free of charge for businesses that use Active Directory. The tool can be used to locally assess an organization for password-related vulnerabilities. To ensure that security is not compromised, the tool does not detail any weak passwords that it discovers. The tool only reports on the accounts that have weak passwords set.
“KnowBe4’s release of Weak Password Test furthers our mission to empower IT pros with proactive tools to detect threats and educate their users to have security top of mind,” said Sjouwerman. “Weak Password Test makes it quick and easy to identify weak passwords so IT managers can take effective action fast.”