Password auditing: Purge weak passwords from your organization


Passwords are virtual keys that safeguard data stored in email, social media, and online banking accounts. Unfortunately, some business leaders might be unaware of the dangers weak passwords pose to their company. 

Weak passwords make companies vulnerable to breaches that jeopardize a business's reputation. Implementing strong password policies that set the rules for password length and character type contributes towards preventing costly attacks.

It’s far easier for criminals to log in to a company than to hack in, and weak passwords create attack paths that provide access to an organization. Another security issue facing companies is password reuse.

This happens when staff create new accounts for applications but don’t make new passwords for them. Password reuse increases risk because one compromised password can give an attacker access to several applications and the wider corporate network.  

Weak reused passwords are gold dust to cyber criminals

Reused passwords tend to be short and easy to remember. These passwords often have 12 or fewer characters, with eight being the most common. They are also susceptible to brute force attacks.

A brute force attack happens when a hacker takes a list of passwords such as qwerty, 123456, abcdef123, a123456, {Brand Name}123, password, and systematically tests them against a list of user emails to gain access to accounts. 

Organizations find it difficult to detect compromised accounts until an attack is underway.  

Systems administrators know that robust password policies strengthen their organization’s resilience against cybercriminals because, when it comes to password hygiene, users are often their own worst enemies.

Password auditing is a rigorous inspection 

Active Directory is an important tool that helps systems administrators identify shortfalls and ensure appropriate controls are in place. There are three reasons systems administrators perform an audit with Active Directory.

These are to understand the system under inspection, to measure the system's compliance against an established standard, and to create a baseline for measuring the impact of changes in security policies.

Specops created a whitepaper that shares tips on how systems administrators can eliminate risky passwords from their organization. It introduces an audit tool that scans your Active Directory for password-related vulnerabilities.

