Get password reports
Analyze your domain password policies, and fine-grained password policies, to see if they enable users to create secure passwords. Generate reports to identify accounts with password vulnerabilities, including expired passwords, identical passwords, blank passwords, and more. In addition to these insights, Specops Password Auditor allows you to measure the effectiveness of your policies against a brute-force attack. For a complete list of the password reports, see the product overview.
Audit Active Directory accounts
With many breaches resulting from compromised passwords, accounts using leaked passwords are an entry point for attackers. Our password audit tool scans and checks passwords of the user accounts against a list of vulnerable passwords obtained from multiple data breach leaks. It also provides a full view of the administrator accounts in an organization’s domain, including stale/inactive admin accounts. From a single view, you can identify vulnerabilities that can assist you with your security plan.
Align password policies with standards
Are your password policies enabling poor practice? Specops Password Auditor generates comparison reports of the password settings in your organization, with industry standards and compliance standards from NIST, CJIS, PCI, HITRUST, NCSC, CNIL, ANSSI, and BSI.
Sound like a good fit?Get in Touch
- Overview of password policies including change interval, dictionary enforcement, as well as relative strength
- Identify accounts using one of over 1 billion compromised passwords
- Identify user accounts without a minimum password length requirement
- Identify dormant user accounts
- Password expiration reports to curb password-related helpdesk calls
- Use standalone or integrate with Specops Password Policy
- Export report data to CSV for further processing
- Generate an executive summary PDF report to share your results with decision makers (available in English, French, or German)
- Audit least privilege implementation with a review of accounts with admin rights
- Identify users who have not changed their password since X date to help with a reset all password directive or the rollout of a new password policy
Frequently Asked Questions
Specops Password Auditor is a free tool that checks Active Directory for password vulnerabilities, including if a user account password appears on a breached password list, such as the Have I been Pwned password list. The complete list of reports includes:
- Blank Passwords
- Breached Passwords
- Identical Passwords
- Admin Accounts
- Delegable Admin Accounts
- Stale Admin Accounts
- Stale User Accounts
- Password Not Required
- Password Never Expires
- Expiring Passwords
- Expired Passwords
- Password Age
- Password Policies
- Password Policy Usage
- Password Policy Compliance
Specops Password Auditor will run a read-only scan of your Active Directory network. You can scan custom root, multiple OUs, or multiple trusted domains at once. You can also choose to anonymize username data in your results. Once your scan is complete, you can export results to a CSV or download an executive summary PDF to share with others.
Specops Password Auditor can run from any domain joined workstation (Windows 8 and above, or Server 2012 and above), either as a regular user, or as a domain admin. For a full list of the requirements, please refer to the installation guide.
Yes. Specops Password Auditor can compare password settings in your organization with industry standards, including: NIST, CJIS, PCI, HITRUST, NCSC, CNIL, ANSSI, and BSI.
No. Specops Password Auditor is a reporting tool. It will only read information from Active Directory without making any changes. For more information, see Impact of running Specops Password Auditor on Active Directory.
Yes. Specops Password Auditor flags issues that impact how well your password policies defend against attacks like the use of compromised passwords and more. For a specific strength rating, you can see an entropy rating for each scanned password policy.
You can share results at your discretion via a report export. You can download an overview of results via the Executive Summary report or you can export individual report results to CSV. Before sharing, you may want to consider configuring your scan to run with anonymous user data. Alternatively, if your colleague has appropriate privileges, you can direct them to download and run Password Auditor themselves.
No. The reports only flag which accounts have passwords issues but don’t reveal the password itself. Only one-way encrypted password hashes are compared, the product contains no link between hashes and plain text passwords, and no passwords are revealed.
Specops Password Auditor compares hashes from your AD to hashes in the downloaded Breached Password list.
The Breached Passwords report does not use clear text passwords. The MD4 hashes of the compromised passwords are compared to the hashes of the passwords from the domain. The hashes are not stored, they are read and kept in memory by Specops Password Auditor.
The executive summary report export includes advice on how to resolve specific issues in your scan. It also includes some severity ratings and an overall password vulnerability score to help you prioritize your fixes. For a proactive approach against breached passwords, use Specops Password Policy’s Breached Password Protection to actively block and prevent the use of breached passwords.
Powerful and easy to use
Download for FREE
Please fill in your information to get your free download. All fields are mandatory.
Windows expert review on 4sysops.com
Timothy Warner, “For Windows systems administrators, Specops Password Auditor is a must-have utility. You can’t beat the price (free), and if the tool helps you spot just one previously unknown high-privilege account, then the tool has given your business tremendous value.”Full Review
Gold Award on TechGenix.com!
Brien Posey, “The software works flawlessly, the documentation is well written (not that you will need it), the software is easy to use, you can get it for free, and most importantly, it does something useful. I simply cannot justify giving Specops Password Auditor anything other than a well deserved perfect score.”Full Review