Are you prepared if a hacker attacks tomorrow?

Audit your passwords to see if there are possible risks to your Active Directory.

It's free and secure to run: the tool makes no changes to Active Directory and sends none of your data outside your network.

Know your risk today!

DOWNLOAD AND GET YOUR SECURITY REPORT

*Information submitted on this form may be associated with other information we have collected and used pursuant to our Privacy Notice. 

The biggest businesses in different industries trust FastPassCorp


What can you get from the audit?

DOUBLE THE PROTECTION

Know whether you have weak passwords in your Active Directory and create a stronger password policy

CHECK FOR WEAK SPOTS

Identify accounts with weak encryption settings in your Active Directory

EASY DASHBOARD AND REPORTING

Generate a report on accounts that re-use the same password

ABOVE PAR SECURITY STANDARDS

Compare your password hashes against a database containing millions of breached passwords

ADDITIONAL SUPPORT

Our security experts can provide additional support in helping you run the tool and interpret recommendations for your Active Directory

Contact FastPassCorp to discuss solutions to your situation

About the Password Audit Tool

This password auditing tool gives your organization a report with an overview of your risk and exposure, produced by checking for lapses and weak domain passwords in your Active Directory. It was developed together with KSS to promote stronger, more secure enterprise passwords and is free for lifetime use. Unlike other, time-consuming tools, ours is free, secure, and easy to run and use.

How Secure is this tool?

RATED AS THE BEST FREE PASSWORD SECURITY AUDIT

By security leaders from small to large enterprises

Compliance Manager
for an Outsourcing Company

 

Fast and Easy to use

I have forwarded this tool to our IT Team who takes care of our Active Directory, and it's impressive how much data the report shows. The tool is secure; at first we were skeptical, but it was developed by our partner company so we were assured.

We were surprised how many employees re-use their passwords over 5x!

Director of IT
Digital Development Company

 

It is now part of our Monthly Security Check Up

We saw this on LinkedIn and I asked our IT Security Team to have a look at it. We contacted FastPass directly to ensure it was legit – it took us around 48 hours to secure approval first but when we ran it, it was all worth it. 

The report is so granular and we are able to revise our policies based on the security recommendations.

Not sure if you have the right privileges? Send the tool to your IT Infrastructure Team.

You may opt to receive it via your email and forward it to them or let them know directly below.

What you can expect from the Password Audit Results and Recommendations

The following information is provided to help analyze the charts of this password auditing tool and explore recommended solutions to resolve any issues identified. It can also help enhance your existing domain password policy.

Blank passwords are a serious threat to computer security.

A blank password makes the authentication process as weak as simply guessing a username, making a brute-force attack against the account trivial.

Any account found to have a blank password should be given a strong, complex, password.

FastPassCorp has a solution to secure the password creation process, ensuring that only strong passwords are chosen by users.

A weak password is one that is either easy to guess given basic knowledge of the user (for example, a birth date or name of a family member), is one that is commonly used (such as 'password' or 'guessme'), or is not complex enough and therefore can be attacked by brute force. All of these characteristics increase the chance of an attacker being able to compromise the password in a short length of time.

A strong password policy should be enforced. FastPassCorp has a solution to secure the password creation process, ensuring that only strong passwords are chosen by users.

Older versions of Windows used a password hashing method known as LAN Manager (LM) hashing. An LM hash upper-cases the password, splits it into two 7-character halves and uses each half as a DES key, so the halves can be cracked independently; this lets attackers recover the original plaintext from an LM hash with relative ease.

Microsoft provide guidance on this feature and how it can be changed: the security policy 'Network security: Do not store LAN Manager hash value on next password change' (the NoLMHash setting) stops new LM hashes from being stored, but existing LM hashes only disappear once each affected account changes its password.

Passwords stored using reversible encryption can be extracted from Active Directory by a privileged user and decrypted to reveal the original password. The setting exists only for a few legacy protocols (such as CHAP and Digest authentication) that need the plaintext; if nothing in your environment uses them, no account should have it enabled.

Microsoft provide guidance on this feature and how it can be changed.

Domain member computers have been found using the default computer password. A computer account that has been pre-created (or reset) but never actually joined keeps its default password, which is the computer name in lower case, so an attacker who guesses it can authenticate as the computer account to Active Directory and gather information for use in a further attack.

The machine(s) in question should have their computer passwords reset. Microsoft provide guidance on how this can be performed; on a joined machine the PowerShell cmdlet Reset-ComputerMachinePassword does it, and a pre-created account that will never be joined should simply be deleted.

Accounts with the 'password not required' flag can opt to use a blank password. Blank passwords are a serious threat to computer security. A blank password makes the authentication process as weak as simply guessing a username, making a brute-force attack against the account trivial.

Update any account with the 'password not required' flag to require a password. Microsoft provide guidance on this feature and how it can be changed.

Accounts have been found which have password expiration enabled.

Guidance on password expiration differs by sector, so consult the standard that applies to you (for example PCI DSS or NIST SP 800-63B; the latter advises against forcing periodic changes unless there is evidence of compromise).

In the absence of AES encryption keys on an account, weaker encryption types such as RC4 and DES are used for its Kerberos tickets. An attacker who captures that traffic, or who simply requests a service ticket for the account, can attempt to crack the ticket offline and recover the account's password for later abuse.

Microsoft provide guidance on how to enable AES keys. Note that enabling AES in msDS-SupportedEncryptionTypes is not enough by itself: AES keys exist only for passwords set after AES support was available in the domain, so long-unchanged passwords need a change as well.

Without pre-authentication, an attacker can make a single authentication request (AS-REQ) for the account and receive a reply whose encrypted part is protected by a key derived from the user's password; that part can then be cracked offline.

As only a single request was made, and it is logged as an ordinary ticket request (event ID 4768), nothing stands out in the Active Directory security logs.

It is recommended that Kerberos pre-authentication is enforced for every account.

Microsoft provide guidance on the account option 'Do not require Kerberos preauthentication' (the DONT_REQ_PREAUTH flag in userAccountControl); clear it on any account found with it set.
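The findings above for 'password not required', reversible encryption, password expiration and missing Kerberos pre-authentication all come down to individual bits in an account's userAccountControl attribute. The following is an added example, not the FastPass/KSS tool's own code: it classifies a constructed set of accounts by those bits. In a real audit the (name, userAccountControl) pairs would come from an LDAP export or `Get-ADUser -Filter * -Properties userAccountControl`. The expiration finding is reported here as accounts whose password never expires (DONT_EXPIRE_PASSWORD); that reading is an assumption, so invert the test if your policy calls for the opposite.

```python
# Added example (not the FastPass/KSS tool's code): classify accounts by the
# userAccountControl bits behind the report findings. SAMPLE_ACCOUNTS is
# constructed data standing in for an LDAP export.

# Bit values from Microsoft's userAccountControl documentation.
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020              # account may have a blank password
ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080  # "store password using reversible encryption"
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000
SMARTCARD_REQUIRED = 0x40000         # "smart card is required for interactive logon"
USE_DES_KEY_ONLY = 0x200000          # Kerberos keys restricted to DES
DONT_REQ_PREAUTH = 0x400000          # "do not require Kerberos preauthentication"

FLAG_NAMES = {
    ACCOUNTDISABLE: "ACCOUNTDISABLE",
    PASSWD_NOTREQD: "PASSWD_NOTREQD",
    ENCRYPTED_TEXT_PWD_ALLOWED: "ENCRYPTED_TEXT_PWD_ALLOWED",
    NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    DONT_EXPIRE_PASSWORD: "DONT_EXPIRE_PASSWORD",
    SMARTCARD_REQUIRED: "SMARTCARD_REQUIRED",
    USE_DES_KEY_ONLY: "USE_DES_KEY_ONLY",
    DONT_REQ_PREAUTH: "DONT_REQ_PREAUTH",
}

# Finding name -> the bit that triggers it.
FINDINGS = {
    "password_not_required": PASSWD_NOTREQD,
    "reversible_encryption": ENCRYPTED_TEXT_PWD_ALLOWED,
    "password_never_expires": DONT_EXPIRE_PASSWORD,  # assumption: see lead-in
    "des_key_only": USE_DES_KEY_ONLY,
    "no_kerberos_preauth": DONT_REQ_PREAUTH,
}

# Constructed sample export: (sAMAccountName, userAccountControl).
SAMPLE_ACCOUNTS = [
    ("alice", NORMAL_ACCOUNT),                                              # 0x200, clean
    ("bob", NORMAL_ACCOUNT | PASSWD_NOTREQD),                               # 0x220
    ("svc_legacy", NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | DONT_REQ_PREAUTH),
    ("svc_app", NORMAL_ACCOUNT | ENCRYPTED_TEXT_PWD_ALLOWED),
    ("old_temp", NORMAL_ACCOUNT | ACCOUNTDISABLE | PASSWD_NOTREQD),         # disabled
    ("admin_sc", NORMAL_ACCOUNT | SMARTCARD_REQUIRED),
]


def has_flag(uac: int, flag: int) -> bool:
    return bool(uac & flag)


def describe(uac: int) -> list:
    """Names of the known flags set in a userAccountControl value, lowest bit first."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if uac & bit]


def audit_uac(accounts) -> dict:
    """Group account names by finding.

    Disabled accounts with a weak setting are listed separately: they cannot log
    on today, but re-enabling them brings the weakness back, so they still belong
    in the report. Smart-card-enforced accounts are listed as a positive control.
    """
    report = {name: [] for name in FINDINGS}
    report["disabled_with_findings"] = []
    report["smartcard_enforced"] = []
    for name, uac in accounts:
        hits = [f for f, bit in FINDINGS.items() if has_flag(uac, bit)]
        if has_flag(uac, ACCOUNTDISABLE):
            if hits:
                report["disabled_with_findings"].append(name)
            continue
        for f in hits:
            report[f].append(name)
        if has_flag(uac, SMARTCARD_REQUIRED):
            report["smartcard_enforced"].append(name)
    return {k: sorted(v) for k, v in report.items()}


if __name__ == "__main__":
    for finding, names in audit_uac(SAMPLE_ACCOUNTS).items():
        print(f"{finding:26} {', '.join(names) or '-'}")
    print("svc_legacy flags:", describe(dict(SAMPLE_ACCOUNTS)["svc_legacy"]))
```

The same bit tests translate directly into an LDAP filter if you prefer to query rather than export; for example `(userAccountControl:1.2.840.113556.1.4.803:=32)` matches PASSWD_NOTREQD, and the Active Directory module exposes the flags as `PasswordNotRequired`, `AllowReversiblePasswordEncryption`, `PasswordNeverExpires` and `DoesNotRequirePreAuth` properties.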

When it was first implemented, the Kerberos protocol used the DES encryption standard.

DES has since been broken (its 56-bit key is brute-forceable), and its use should be retired where possible; Windows 7 and Windows Server 2008 R2 onwards already disable it by default.

Microsoft provide guidance on how to disable the use of DES encryption.
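Both the 'weak encryption' and the DES findings above are decided by the msDS-SupportedEncryptionTypes attribute, a bit mask of the Kerberos key types an account may use. The following added example (not the FastPass/KSS tool's code) decodes that mask and ranks accounts worst-first; the sample values are constructed, and in practice you would read them with `Get-ADObject -Filter * -Properties msDS-SupportedEncryptionTypes`. Treating an absent attribute as an RC4 fallback is the conservative reading for user accounts and is stated as an assumption in the code.

```python
# Added example (not the FastPass/KSS tool's code): decode and classify
# msDS-SupportedEncryptionTypes. SAMPLE is constructed data.

# Bit values from the attribute's documentation (MS-KILE).
DES_CBC_CRC = 0x01
DES_CBC_MD5 = 0x02
RC4_HMAC = 0x04
AES128_CTS_HMAC_SHA1_96 = 0x08
AES256_CTS_HMAC_SHA1_96 = 0x10

ETYPE_NAMES = {
    DES_CBC_CRC: "DES-CBC-CRC",
    DES_CBC_MD5: "DES-CBC-MD5",
    RC4_HMAC: "RC4-HMAC",
    AES128_CTS_HMAC_SHA1_96: "AES128-CTS-HMAC-SHA1-96",
    AES256_CTS_HMAC_SHA1_96: "AES256-CTS-HMAC-SHA1-96",
}
DES_MASK = DES_CBC_CRC | DES_CBC_MD5
AES_MASK = AES128_CTS_HMAC_SHA1_96 | AES256_CTS_HMAC_SHA1_96


def decode_etypes(value) -> list:
    """Name the encryption types enabled by a value; None (attribute absent) or 0 -> []."""
    if not value:
        return []
    return [name for bit, name in sorted(ETYPE_NAMES.items()) if value & bit]


def classify(value) -> str:
    """Worst-first classification of one account's value.

    An absent or zero attribute is the common case for user accounts: the KDC then
    falls back to its default, which for users has historically been RC4 only.
    Assumption here: treat it as 'no AES keys' until the domain default is confirmed.
    """
    if not value:
        return "not_set_rc4_fallback"
    if value & DES_MASK:
        return "des_enabled"
    if not value & AES_MASK:
        return "rc4_only"
    if value & RC4_HMAC:
        return "aes_plus_rc4"
    return "aes_only"


# Constructed sample export: (sAMAccountName, msDS-SupportedEncryptionTypes).
SAMPLE = [
    ("alice", None),                                           # attribute not set
    ("svc_sql", RC4_HMAC),                                     # 0x04
    ("legacy_app", DES_CBC_CRC | DES_CBC_MD5 | RC4_HMAC),      # 0x07
    ("WWW01$", RC4_HMAC | AES128_CTS_HMAC_SHA1_96 | AES256_CTS_HMAC_SHA1_96),  # 0x1c
    ("svc_modern", AES128_CTS_HMAC_SHA1_96 | AES256_CTS_HMAC_SHA1_96),         # 0x18
]


def audit_etypes(accounts) -> dict:
    """Group account names by classification."""
    report = {}
    for name, value in accounts:
        report.setdefault(classify(value), []).append(name)
    return {k: sorted(v) for k, v in sorted(report.items())}


if __name__ == "__main__":
    for name, value in SAMPLE:
        print(f"{name:12} {classify(value):22} {decode_etypes(value)}")
```

Remediation is a two-step affair: set the AES bits (or the equivalent 'This account supports Kerberos AES 128/256 bit encryption' account options) and then have the password changed, because the AES keys are derived from the password at the time it is set.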

Active Directory delegation is a critical part of security and compliance.

By delegating control over Active Directory, you can grant users or groups the permissions they need without adding users to privileged groups like Domain Admins and Account Operators.

Microsoft provide guidance on how this can be configured.

Smart card authentication is a two-factor login process. The smart card holds the user's certificate and the matching private key, and the personal identification number (PIN) unlocks the card so that the key can be used; an attacker needs both the card and the PIN. In Active Directory the account option 'Smart card is required for interactive logon' enforces its use for an account.

Microsoft provide guidance on how this can be configured.

FastPassCorp and KSS partnered to roll out this tool.

KSS (Knowledge Secure Systems) is a leading IT security company in the UK, and FastPassCorp is a global leading provider of self-service password reset based in Denmark.

The tool runs against your enterprise Active Directory securely and returns results in under 30 minutes, showing your level of risk by checking for:

  • Weak or common passwords
  • Accounts with weak encryption settings
  • Accounts that have no password
  • Accounts that re-use the same password
  • Accounts whose passwords are stored with reversible encryption (recoverable as clear text)

The tool does not send any of the data to the outside world. It does not change or modify any data in Active Directory, nor does it need to run on a Domain Controller or a domain-joined device: any Windows device with network access to a domain controller will do.

The only reason for requesting elevated rights is the need to read the password hashes. A hash is the output of a one-way function that maps data of any size to a fixed-size value, and it is the hash, not the password, that Active Directory stores. A hash cannot be turned directly back into the password; note, though, that an NT hash is fast and unsalted, so weak passwords can still be recovered by guessing and hashing, which is precisely why this audit matters. The hashes in Active Directory are compared against the list of breached password hashes in the file; that file contains only the most commonly breached hashes, never the passwords themselves.

Identifying a breached password therefore tells you that the account's password appears in breach data, not what the password is. The same holds for the comparison against the text file of specific passwords to check: if an account's password is one of them, the account appears on the list, but the report does not show the matching password.

Requirements:

The tool will run on any Windows device with .NET Framework 4.7.2 or newer installed. The device needs network access to Active Directory, but it does not have to be a domain member. To run the test, a user account with Domain Admin rights is needed; the tool only reads and never writes.

Instructions:

  1. Install .NET Framework 4.7.2 or newer
  2. Download the tool
  3. Unzip the files in a folder of your choice
  4. Open the PDF document in the documentation folder and follow the detailed instructions

The file will be downloaded automatically when you submit your company email. You can also click the link on the Thank You page if the download hasn't started automatically.

This tool may be used by any enterprise, ideally with between 30 and 5,000 users.

It is intended for IT security teams, IT managers, or anyone working as an Active Directory admin.
