The use of passwords is a widely discussed security topic: too short, too simple, not changed frequently enough. Many passwords are vulnerable. But how do things stand within your organization? The Kraken tool, our password analysis service, provides the necessary insight, anonymously, into the use of weak passwords among employees.
We combine powerful graphics cards, leaked password lists, and years of penetration testing experience to identify weak passwords and password patterns of anonymous employees. We conduct analyses of both the Active Directory and the most common passwords. Subsequently, we analyze the results. What do we see, what could be improved, and what's the impact on the organization? By addressing these questions, we develop a robust plan to enhance the organization's resilience.
Why the Kraken tool
One of the most common ways cybercriminals infiltrate an organization is by obtaining login credentials. They use methods like password spraying and credential stuffing, trying weak passwords and username/password combinations from hacked sites. The success rate per user is limited. However, a single successful login is enough to get a foothold in your organization. Once inside, a hacker progressively gains more information without anyone noticing.
This is how the Kraken tool works
Most organizations have some form of a password policy in place. However, these policies often don't go beyond requiring passwords to have a certain length and a certain number of characters. This only thwarts the weakest passwords. With the Kraken tool, we securely extract password and admin account information from the Active Directory. Using this data, we conduct a brute-force attack on our own hardware platform. The results are presented in a professional report. Optionally, we then create an action plan to reduce the number of weak passwords. After implementation, we conduct a follow-up assessment to determine the impact of the plan.
Want to work toward a truly good password policy too? Contact the Security Advisor Team
Employees often opt for easily memorable passwords, such as "Welcome01!". By doing so, your organization unknowingly opens the door to cybercriminals. This makes password usage one of the weak links in modern IT environments. A strong password policy is therefore essential.
Clear and concise report
We present our findings to you in a clear report. In this report, we discuss various aspects including the number of (unique) password hashes, the count of cracked passwords, the number of affected user accounts, and the top 10 most common base words. This provides you with the awareness that forms the foundation for potential development and improvement.
The Kraken tool provides you with insight into the weak passwords within your organization at this moment. While this is highly valuable, it's equally important to ensure this remains the case in the future. Therefore, we offer an optional password awareness training, where we provide you with tips and advice to optimize the password policy within your organization.