Password Security Audit Software Reduces Network Security Threats

Share Article

ElcomSoft, a global leader in password recovery solutions, has released Proactive Password Auditor (tm), a password audit and security test tool that makes it easy for Windows NT4/2000/XP/2003 systems administrators to identify and close security holes in their networks. By running Proactive Password Auditor regularly, managers can have peace of mind that the basic lock on their networks is secure.

Password hacking continues to be a serious network security threat. Too often, people use simple and easy-to-remember passwords such as common words, repeating characters, and names. Proactive Password Auditor (tm) helps secure networks by executing a comprehensive audit of account passwords, and exposing all insecure passwords. Chief Security Officers can locate individual security holes, and patch them immediately. They can also identify patterns and trends that weaken security, and develop the appropriate policies to improve network security. An administrator can use Proactive Password Auditor (tm) to recover any lost password, and access a user's Windows account.

The program audits passwords by analyzing user password hashes, and recovering plain-text passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. With support for both LM and the NTLM password authentication protocols, Proactive Password Auditor (tm) can audit and authenticate passwords very quickly, even on networks with thousands of user accounts.

In addition to Microsoft Active Directory Support, faster operation, better wordlist management, and automatic decryption of passwords for certain system accounts, there are three new powerful features:

  • Rainbow Attack. Because it can take days or weeks for a computer to generate all of the possible passwords for a particular system, ElcomSoft has introduced a new "rainbow attack" subsystem. You can run Proactive Password Auditor (tm) in the background to generate and use pre-computed hash tables that will allow you to find most passwords in minutes instead of days or weeks;
  • Preliminary Attack. Under this regimen, password hashes are retrieved, and the audit process starts automatically, using pre-configured options. First, the program checks obvious passwords (for example, the password is the same as the user name). Second, it retrieves and decrypts passwords from memory. Third, the program runs the dictionary attack; and
  • Simultaneous Auditing. Program can audit multiple servers and computers at once. By saving user names and passwords, future audits are performed with just a few clicks, and without having to re-enter setup information.

Proactive Password Auditor (tm) runs under Windows 98/Me/NT4/2000/XP/2003; some program features are available only on Windows NT4/2000/XP/2003, and require Administrator privileges. Prices begin at $299(US) for networks with up to 20 user accounts. For more information and free trial version, visit

Evaluation copy available on request.

About ElcomSoft Co. Ltd.

Since 1990, ElcomSoft Co. Ltd. has been developing and marketing password recovery, forensics, and security software for Windows. In addition to Proactive Password Auditor (tm), the company also offers a comprehensive line of password recovery software for more than 80 popular file and document types, email clients, compression programs, instant messengers, and other applications. ElcomSoft tools are used by most of the Fortune 500 corporations, many branches of the military all over the world, foreign governments, and all major accounting companies.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Dmitry Harchenko