Password policies tell your users what kind of password to create. They don't tell you whether those passwords will withstand a real attack. Only testing does that.
Crimson Wall's password auditing service tests your organisation's user account passwords against real-world attack methods — the same techniques an attacker would use. The service is performed entirely offline, using your hashed password databases, with no interruption to your network or systems.
We don't just check whether passwords meet your policy. We test whether they actually provide meaningful security — because a password like P@ssword1 satisfies most corporate password policies but offers almost no protection.
What we test for
Commonly Used Passwords
Testing against large databases of the most frequently used and previously breached passwords worldwide.
Dictionary & Brute-Force Attacks
Simulation of the attack techniques most commonly used to crack passwords in the real world.
Credential Re-use Detection
Our proprietary technology identifies accounts whose passwords have been used on other services that have suffered data breaches.
Policy Compliance vs. Real Strength
Identification of passwords that technically comply with your policy but are trivially weak in practice.
Supported systems
The service can be performed on the vast majority of systems used in business environments, including:
- Microsoft Active Directory
- Windows local accounts
- Linux and FreeBSD
- Web-based platforms (WordPress, Joomla, and others)
What you get
- A clear list of accounts with passwords that would not withstand a real-world attack
- Identification of accounts with credentials exposed in external data breaches
- Guidance for account holders on improving password security
- Significant reduction in your exposure to credential-based attacks
Completely offline: The audit is performed using cryptographic techniques on your hashed password data. No passwords are transmitted over a network and there is no impact on your users or systems during the assessment.