Weak Password Test

How weak are your user’s passwords?

Are your user’s passwords…P@ssw0rd? Bad guys are constantly coming out with new ways to hack your network while evading detection.

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks.

Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. 

KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. This tests against 10 types of weak password related threats for example; Weak, Duplicate, Empty, Never Expires, plus 6 more.

Here's how the Weak Password Test works:

checkmark Reports on the accounts that are affected

checkmark Tests against 10 types of weak password related threats

checkmark Does not show/report on the actual passwords of accounts

checkmark  Just download the install and run it  

checkmark  Results in a few minutes! 

This will take you 5 minutes and may give you some insights you never expected!

Download your free Weak Password Test here:



How do I get email addresses out of Active Directory for the upload?

The following command will limit the results to only email addresses for actual users. (excluding public folders, distribution list, etc) It doesn’t take disabled accounts into consideration, though:

dsquery * -filter “(&(objectClass=user)(mail=*))” -attr mail -limit 0 > email_addresses.txt

Microsoft also has a little note about running this in Windows Server 2008 (from: http://technet.microsoft.com/en-us/library/cc725702(WS.10).aspx ):

“To use dsquery, you must run the dsquery command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.”