IT security company KnowBe4 recently announced the release of Weak Password Test (WPT), a free tool for organizations that use Active Directory. 

According to Verizon’s 2017 Data Breach Investigations Report, 81 percent of hacking-related data breaches leveraged either stolen and/or weak passwords. WPT checks Active Directory for multiple types of threats related to weak passwords.

The tool can be connected to Active Directory to locally analyze for the following vulnerabilities in just a few minutes:

Weak passwords, including the most common passwords and dictionary passwords;

Duplicate passwords: passwords shared among multiple accounts;

Empty passwords: accounts that have blank passwords;

Password never expires: accounts with no requirement to change the password;

Password not required: accounts that could be set to a blank password;

LM hash password: accounts that store passwords using a LAN Manager hash, susceptible to brute force attacks;

AES keys missing: accounts set up using older functional AD levels and, thus, have no AES keys;

Kerberos DES-only: accounts setup using the older and since retired DES encryption mechanism; and

Pre-authentication missing: accounts that do not encrypt authentication requests, giving the attacker the ability to perform offline brute force attacks which are less likely to be detected.

By using WPT, IT managers will know if their password management fails in any of these areas so that they can take action. Depending upon the failures this may involve user training or technical controls being put into place.

To keep security tight, the tool does not show/report on the actual passwords of accounts, it simply reports on the accounts that are affected by the aforementioned vulnerabilities. For more information, or to download the no-charge Weak Password Test, visit