How does IT audit password contents?
Solved by AbydosOne,
Well, I'll be... IT got back to me...
Quote:
Thanks for your interest in security, and for reaching out! Your password is not stored or accessible in plaintext. We conduct our audit on the encrypted hashes of the passwords through brute force, and if a matching hash is found then we know that password was weak. This process largely involves testing the known hashes of previously breached passwords from data leaks and common password patterns. For context, a hash is a one-way encryption of plaintext that creates a unique output (so if we find matching hashes, we know we’ve found a weak password).
They actually just dictionary/brute-forced it. That's actually kinda neat.
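The kind of audit IT describes in the reply above, sketched as an added example that is not part of the original post and not IT's actual tooling: candidate passwords are re-hashed with each account's salt and compared to the stored hash, so plaintext is never read from the store. The PBKDF2 scheme, iteration count, account names and candidate list are all constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 1_000  # assumption, kept low so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted one-way hash as a credential store might keep it (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def audit(store: dict, candidates: list) -> list:
    """Return the sorted user names whose stored hash matches any candidate.

    store maps user -> (salt, stored_hash). Only the account name is reported,
    so the audit output itself does not become a list of passwords.
    """
    weak = []
    for user, (salt, stored) in store.items():
        if any(hmac.compare_digest(hash_password(c, salt), stored) for c in candidates):
            weak.append(user)
    return sorted(weak)


def build_sample_store() -> dict:
    """Constructed sample accounts; the passwords exist only to create the hashes."""
    sample = {"alice": "Summer2023!", "bob": "x9#Lq!72vTz@pRw4", "carol": "password1"}
    store = {}
    for user, password in sample.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(password, salt))
    return store


# Constructed stand-in for a breached-password list plus one common pattern
# (season + year + "!"), matching the two sources the reply mentions.
CANDIDATES = ["123456", "password1", "qwerty"] + [
    f"{season}{year}!"
    for season in ("Spring", "Summer", "Autumn", "Winter")
    for year in range(2020, 2025)
]

if __name__ == "__main__":
    for user in audit(build_sample_store(), CANDIDATES):
        print(f"{user}: matched a known-weak password, require a reset")
```

Because every account has its own salt, each candidate has to be hashed once per account; the long random password never matches and is not flagged.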