Release Notes

Current Release


Improved functionality

  • The Identical passwords report has been easier to navigate.

Other changes

  • Relative strength now uses entropy.

Released May 04, 2021


New functionality

  • New report to show users with ‘Password never expires’.

Other changes

  • New hostname for Breached Password Protection, see Installation (section Requirements)
  • Added index for same password report for readability.
  • Changed to save last download folder to per-computer rather than per-user, to avoid having multiple users on the same computer download the same list to different locations.

Released September 16, 2020


Fixed Issues

  • Fixed an issue where some reports were displayed even though data had not been collected for them.

Released July 20, 2020


New Features

  • Added PDF reporting, summarizing password security related findings.
  • Added option to select root for scanning, when not scanning the entire Active Directory.

Fixed Issues

  • Compliance report could fail to include dictionaries.

Released July 8, 2020


New Features

  • Due to the unprecedented global impact of COVID-19, Specops Software has enabled full functionality in Specops Password Auditor even with a trial license, enabling organizations to identify users who are running compromised/identical passwords on their AD accounts.
  • Additionally we have extended the ability to review the Expiring Passwords report up to a year in advance so that you can easily identify users whose passwords may expire while they are off the corporate network during the current global pandemic.

Fixed Issues

  • Installation could fail if .Net framework 4.8 was installed.

Released March 24, 2020


Fixed Issues

  • Fixed an issue where scanning users could fail and stop the entire scan process.

Released February 20, 2020


Other changes

  • Improved offline scan workflow (see Offline Scans for more information).

Released December 11, 2019


New Features

  • Added export option for all users with leaked passwords.

Fixed issues

  • Fixed an issue where the back navigation could fail after downloading a dictionary.

Released October 16, 2019


Fixed issues

  • Fixed an error that could happen if the user who is running SPA does not have permission to read users’ security group memberships.
  • Improved error handling if some password hashes cannot be read from the domain controller.

Other changes

  • Changed the structure of the Identical Passwords report to use two levels for increased performance.
  • Improved performance when reading user details.
  • Improved error messages when failing to access the Breached Password Protection Express online service.

Released August 12, 2019


Fixed issues

  • In some environments, looking up a user’s password hash could fail.

Released July 29, 2019


New Features

  • Added SamAccountName information to multiple reports.
  • Added email address information to the export of multiple reports.
  • Added distinguishedName information to the export of multiple reports.

Fixed issues

  • In some scenarios, dictionary download timeouts caused the Breached Password Protection scanning to fail.

Other changes

  • The Identical Passwords report will now export all accounts instead of 50 accounts per group.
  • Responsiveness improvements when the Breached Password Protection scanning is cancelled (either manually or automatically due to an error).
  • Added configuration to enable SPA to use the default proxy when downloading the Breached Password Protection Express dictionary.
  • Improved the error message that is displayed if something goes wrong when scanning Active Directory.

Released June 19, 2019


New Features

  • New report that identifies user accounts with passwords that are known to be leaked. This feature compares the password hashes of user accounts with a list of leaked passwords from the Specops Password Breached Password Protection.
    • Note: For full feature functionality, you will need a license for Specops Breached Password Protection.
  • New report that identifies user accounts that have the same password.
  • New report that identifies user accounts with blank passwords (no password).

Released June 12, 2019


Fixed Issues

  • Fixed issue where scanning stopped if the “Password Settings” container for fine grained password policies was missing.
  • Fixed issue with writing default application settings in registry.
  • Registry writing from x86 installer on x64 OS was incorrect.

Other Changes

  • Improved error process if scanning fails.

Released May 5, 2017