Windows Password Auditor helps auditors, network administrator, and security administrators to enforce strict password security policy by identifying weak and default username passwords in the Windows based machines. Weak xp password have been cited by experts from SANS, industry, government, and academia as one of the most critical security threats to computer networks.
Password recovery becomes extremely easy with Windows Password Auditor because it automatically retrieves password hashes from the registry and allows auditors, administrator, and security administrators to either recover username password or test the strength of the Administrator password according to an organization password policy through comprehensive auditing control measures and prevents password hacking cracking.. Windows Password Auditor is compatible with Windows 2000 / Windows XP / Windows 2003 Server / Windows VISTA / Windows 2008 Server / Windows 7. It also facilitates in achieving strengthened governance and Regulatory Compliance standards like Sarbanes-Oxley Act (SOX) (USA) , Health Insurance Portability and Accountability Act (HIPAA) (USA) , Gramm-Leach-Bliley Act (GLBA) (USA), Federal Information Security Management Act (FISMA) (USA) , Data Protection (EU, UK, Canadian), J-SOX (Japan), LSF (France), Payment Card Industry Data Security Standard (PCI/DSS), security frameworks such as ISO 27001, and COBIT or NIST.
Windows Password Auditor is a password strength analyzer that proactively identifies the strength of a password against an intrusion attempt. It also checks for defaults passwords those are not changed on Windows based machines because all default and weak passwords are security threat for the confidentiality, integrity and availability of data. It also provides options like dictionary attacks, brute force attacks and hybrid attacks to audit the weaknesses in enforced password security policy. Windows Password Auditor also has the ability to present all cracked passwords in the form of a vulnerability report so that it complies with a defined controls and organizational security policy.
Following are some examples of weak passwords:
Default passwords such as those used in most software applications (admin, administrator password etc)
Popular passwords (qwerty, 123456, password, letmein, abc123, monkey etc.).
Repeated combinations of symbols (aabbcc, 123123, aaaa, 7777777 etc.).
Inversion of common words (drowssap, nimda etc.).
Passwords coinciding with user name or its variations.
Short passwords having up to 7 symbols, which can be found with brute force attack.
Passwords derived from common words or word combinations that can quickly be discovered with a dictionary attack.
Passwords based on personal data.
Passwords based on user characteristics.
Passwords based on modified version of older passwords.
The best way to discover weak passwords is through audits on a regular basis.
Key Features and Benefits:
Determines the strength of corporate network.
Tests the strength of passwords which protects user accounts.
Recovers account lost passwords (find password).
Helps in achieving Regulatory Compliance.
Performs dictionary, brute force and hybrid attacks.
