The following is a list of reports you can view/export from Specops Password Auditor tool.
Use this report to identify user accounts with passwords that are known to be compromised. The accounts in this list should be prompted to change their password.
Note: The Breached Passwords report does not use clear text passwords. The MD4 hashes of the compromised passwords is compared to the hashes of the passwords from the domain. The hashes are not stored, they are read and kept in memory by Specops Password Auditor.
Use this report to identify groups of user accounts that have the same password. Admin users who use the same password for their normal user accounts and their admin accounts increase their attack surface. The accounts in this list should be prompted to change their password.
Use this report to identify user accounts with blank passwords. These accounts are affected by a policy without a password requirement.
Use this report to identify whether admin privileges are used appropriately (granted to users performing tasks that span across Active Directory domains, or activities that require elevated permissions). Delete unnecessary admin accounts and consider a delegated Active Directory security model to follow best practice.
Stale Admin Accounts
Use this report to audit unused accounts. Dormant accounts should be deleted as they can be leveraged by attackers to access resources without being noticed.
Password Not Required
Use this report to identify user accounts with the control flag for not requiring a password, or those affected by a password policy without a minimum password length. The accounts in this list indicate serious security holes within your organization.
Use this report to keep track of password expiration. Anticipating the expiration with a contingency plan can be effective for curbing password reset calls.
Password never expires
Use this report to keep track of accounts that have their passwords set to never expire. These can be more vulnerable to attack if the user is reusing this password elsewhere.
Use this report to identify user accounts with expired passwords. Password that have been expired for an extended period of time can indicate a stale account.
Use this report for an overview of your password policies including change interval, dictionary enforcement, as well as entropy.
The following settings are used to determine the maximum entropy.
- Minimum length= 16 characters
At least one of each of the following:
- Special Character
Any policy with as strong, or stronger settings will be displayed as having “maximum” strength.
For more information about the entropy calculation, click here.
Password Policy Usage
Use this report for a graphical overview of users affected by each password policy.
Password Policy Compliance
Use this report to measure your password policies against industry and compliance recommendations.