Solved

can i use a password cracker against active directory

Posted on 2008-10-08
7
251 Views
Last Modified: 2012-05-05
I am doing some consulting work for a company that has not been very strict on enforcing password complexity.  I have been asked to check the complexity of passwords in the domain but I do not have any tools for that.  What do you recommend? And does the tool provide instructions for the best use?
0
Comment
Question by:gbuch11
  • 2
  • 2
7 Comments
 
LVL 20

Expert Comment

by:wolfcamel
ID: 22670144
the best thing you can do is enforce password complexity and then enforce a required password change in 3 days.
Also - I prefer length to complexity - a password such as "MydogisFido." is easy to remember and hard to crack and easy to type in.
0
 

Author Comment

by:gbuch11
ID: 22670222
I will do that but management wants to know what the complexity is that users are currently using?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22679671
This is a manual activity rather than a tool-based one. I would be very suprised if ANY organisation asked you to run a password-checker through their internal system.

A similar exercise was carried out within our own organisation by Cap gemini and their approach was to issue a poll. This was carried out by both email and web survey and asked a number of leading questions such as:

Are you using upper and lower case letters in your passwords?
How many numbers are used in your passwords?
Are you using more than one password for the systems that require you to logon?
How frequently to use a password that you have used previously?
and so on.

You can then collate those answers and give a break down of the complexities.
You can also decide whether you want to make the results anonymous or you migght be able to tie down peer groups etc. All can be done though without the 'possible' issues that could arise from either asking for passwords or being seen by the users of 'big brother type' crap.

Keith
0
 
LVL 20

Accepted Solution

by:
wolfcamel earned 250 total points
ID: 22679792
problem with the poll - most people I know - know that they SHOULD be using complex passwords and would answer accordingly.
users will tend to use the least complex they can get away with. They also tend to make minor changes every month that also become easy to guess..eg  Simon1, simon2, simon3 for the month, so they know what they are up to.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 22680950
This is true but is the nature of the beast. The HR ramifications, privacy laws - even for a business, don't blame me, someone has my password brigade etc etc - the ramifications of the cracker approach was a minefield. I work in Government so maybe ours was a little OTT but this was the feedback we had been given by all the departments that were 'in the know' on these things.

If the tool approach is REALLY the method that your company is advocating then an advance notification that you are undertaking this activity and will be repeating the audit periodically could be a reasonable driver.

Also bear in mind your company's IT Policy. Sounds stupid but if, for example, you allow your staff to save ANY personal information on the IT systems - and that data is protected (in their minds at least) by the username/password credentials - you could be challenged to provide proof positive that no-one has used the passwords you have gleaned surreptitiously.

We have some real 'mischief makers' - do you?

Lastly, remember that none of the tools available are supported by Microsoft. Use of such tools - and this is just something in the back of my head that I seem to remember from when I worked for them - breaks your license agreement.

However, to answer your question if you really want to do it the way you described then yes - most come with instructions.

Keith
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question