Most organisations still use password verification as a mechanism to authenticate their users. There are many problems with the use of passwords, notably that users choose passwords that are easy to guess and, in some cases, never change their passwords.
Enforcing password policies helps to some extent, but users end up choosing passwords that conform to corporate policy yet are of very little value from a security perspective. Typical password policies used by organisations force users to use one uppercase letter, one number and one special character. Examples of weak passwords conforming to such a policy include P@ssword1 and Passw0rd!. Many employees, therefore, end up using passwords that are easy to guess and offer very little protection.
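The gap between "meets the policy" and "hard to guess" can be shown with a short check, added here as an illustration and not part of Crimson Wall's service or tooling. The denylist is a constructed sample, and the minimum length of 8 and the substitution table are assumptions.

```python
import re
import string

# Constructed sample denylist (assumption): a real check would load a large,
# current list of commonly used passwords, stored in lowercase.
COMMON_PASSWORDS = {"password", "welcome", "qwerty", "letmein"}

# Assumed table of common character substitutions, undone before the lookup.
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                               "3": "e", "$": "s", "5": "s", "!": "i"})
PADDING = string.digits + string.punctuation


def meets_composition_policy(password: str, min_length: int = 8) -> bool:
    """Policy from the text: one uppercase letter, one number, one special
    character. The minimum length is an assumption, not stated on the page."""
    return (len(password) >= min_length
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def normalised_forms(password: str) -> set:
    """Lowercase, optionally drop leading/trailing digits and symbols,
    then undo substitutions, so 'P@ssword1' reduces to 'password'."""
    lowered = password.lower()
    core = lowered.strip(PADDING)
    return {lowered.translate(SUBSTITUTIONS), core.translate(SUBSTITUTIONS)}


def is_common(password: str) -> bool:
    """True when any normalised form appears in the denylist."""
    return not normalised_forms(password).isdisjoint(COMMON_PASSWORDS)


def audit(password: str) -> str:
    """Classify a candidate password at the time it is set."""
    if not meets_composition_policy(password):
        return "fails policy"
    if is_common(password):
        return "policy-compliant but common"
    return "ok"


if __name__ == "__main__":
    # Constructed candidates: the first two are the examples from the text.
    for candidate in ("P@ssword1", "Passw0rd!", "password",
                      "Tr4verse-Copper-Lantern"):
        print(f"{candidate!r}: {audit(candidate)}")
```

Both example passwords from the text satisfy every composition rule and are still flagged once substitutions and padding are normalised away.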
The Crimson Wall team provides password auditing services to organisations to help address this problem. This is done by testing user account passwords against the most commonly used passwords around the world (at this point in time). We test user account passwords using the hashed password databases used by your system. The service is performed off-line using specialised cryptographic methods, without any interruptions to the corporate network. Accounts with weak passwords are identified, and we’ll assist the account holders in improving their passwords. During follow-up visits, we’ll also identify accounts with passwords that have not changed since a previous audit, thereby ensuring that passwords are changed adequately from time to time.
People tend to be creatures of habit, and this trend also exists for passwords in the sense that one password is used for many online services. Our proprietary account matching technology, developed at Crimson Wall, can also help to identify user accounts with passwords that have been re-used by the same users for other web services that suffered breaches around the world.
This service can be performed on just about any popular system used by organisations, notably: