Password Strength Tester

Test passwords set by your staff before a hacker does it for you!

A person meditating on a small hill with a bright sun behind them
Password Strength Tester image of enlightenment (AI generated image)

This blog introduces a service we offer called Password Strength Tester (PST). Many companies fail to test their passwords and most don't have a formal policy on the subject. This means when an attacker gains access to a company's network further compromise is trivial by permitting lateral movement and compromise of more accounts and systems. The PST service is designed for firms wanting to step-up their security and make it more difficult for attackers to compromise systems, accounts and achieve lateral movement.

Why do you need a service like this?

Your staff choose their own passwords. If they choose poorly, they could be putting you and your business at risk. The more staff you have the more likely it is that some of your passwords have been poorly selected. Managing the resulting cyber security incident is both expensive and time consuming. Why not test the passwords chosen by your staff before the hackers do? Eliminate the weak passwords!

You should also think about contractors and other third parties with access to your internal systems. Don't trust them to do the right thing - check that they are!

How easy is the service to use?

The service is straight forward to use, we collect the required files from you using a method of your choosing (we’d expect you already have this in place). We test the encrypted passwords (just like a hacker would) and provide you with a formal report within 2 weeks.  A draft interim extract is available after one week if requested.

Why choose us?

Simply put we believe we are the best at cracking passwords. We are a UK based company founded by Jonathan Evans former Head of Global IT Security at Rothschild & Co. Try us for a free trail and see for yourself - we are confident in our service!

What’s included?

Your passwords will be tested against:

  • Our master password list that contains in excess of 30 million passwords.
  • A list of known compromised passwords - based on the haveibeenpwned.com dataset.
  • More than 5,000 variations of the 30 million passwords in the master password list. This is extensive and takes a significant amount of time to complete.
  • Custom crafted password lists based on your company and its password complexity rules.

What are the best bits of the service?

  • No hardware or connectivity required.
  • No software or training required.
  • No ongoing software, hardware or connectivity maintenance required.
  • Files required are extracted from backup datasets – your IT administrators should be able to do this easily.
  • No management or reporting required by you or your team.
  • We require no remote access to your systems to carry out the testing.
  • Tests can be scheduled monthly, quarterly, half yearly or annually.
  • All data resides in the UK or EU with all cryptographic processing performed in the UK on dedicated hardware.
  • We test Windows, Active Directory, Unix and Directory Services - other system types on request.

Interested?

If you are interested in the PST service please get in touch for a free no obligation consultation - contact@itsecuritylocksmith.co.uk

We also provide:

  • Crypto-wallet passcode recovery services to UK based SRA registered solicitors and UK prosecution authorities.
  • Encrypted file recovery services.

Please contact us for further information.

About IT Security Locksmith

IT Security Locksmith specialises in board level training and consultancy.

To find out more about our capabilities please click here.

Our services page showcases the types of services we offer.

Click here to contact us for a no obligation initial consultation.