Enzoic for Active Directory Lite

A free password auditing tool for Active Directory.
See your domain's password vulnerabilities in seconds.

Prevent Attackers from Hacking Your Organization. Check Your Passwords with Enzoic's Free Password Auditor.

New data breaches expose user credentials every day causing password audits to be more difficult. These passwords are quickly fed into hackers’ cracking dictionaries and changing which passwords you need to keep out of your organization.

With Enzoic for Active Directory Lite, auditing for compromised passwords is quick and easy. By using Enzoic’s proprietary database of 7+ billion exposed passwords, Enzoic's password auditing tool quickly scans your Active Directory environment and identifies:

common and weak passwords,

passwords found in cracking dictionaries,

actual passwords previously breached and exposed online

reused passwords

Enzoic's password auditor is a lightweight version of the full Enzoic for Active Directory, an automated solution for keeping passwords secure.

Get a quick snapshot of your domain's password vulnerabilities in seconds.
A free password auditing tool. Just download and go. No key required.

Active Directory Password Auditor Results

Traditional algorithmic complexity is no longer considered essential to password strength. NIST password guidelines now want you to screen for commonly used and compromised passwords.

Enzoic quick and free password auditor pinpoints which user accounts in Active Directory have weak, compromised or reused passwords.

Download and Run

Check out Enzoic's password auditing tool 4sysop review.

Want more information? Read more about Active Directory Lite and how it helps audit for compromised passwords.

Active Directory Lite FAQs

What is provided in the password audit report?

Do I need to purchase a license key?

What are the requirements?

Why is Internet access necessary?

How fast is the password auditor?

What data is sent to Enzoic?

Enzoic for Active Directory Lite uses a partial hash comparison approach through Enzoic’s Password API. This allows you to check whether a given password is known to be compromised, without the exact password or hash leaving your environment. It is only necessary to supply the first 10 hex characters of a hash. A list of candidate hashes will then be returned and compared locally with the exact hash to determine if there is a match. The partial hash data is not stored by Enzoic and is actively deleted from our server memory when this process is completed.

How do weak / exposed passwords differ?

How does the full Enzoic product work?

The full Enzoic for Active Directory is a complete solution for keeping vulnerable passwords out of your organization and complying with current NIST guidelines. It adds a password policy within Active Directory to protect against unsafe passwords. It includes a custom password dictionary, blocks username derivatives, and checks fuzzy matches with common leetspeak substitutions. It then does automatic, continuous auditing to determine when a safe password becomes vulnerable. Remediation is also automated, including notification, password reset or disabling accounts. Learn more here https://www.enzoic.com/active-directory/.

Guidelines for Stronger Passwords

Stronger passwords mean that users are keeping themselves safer online. If users are safer online, your organization stays safer.

Make the password long. At least 10 characters, but we recommend more
Use a password lockout policy. An effective method against brute-force hacking.
Reference blacklists of previously leaked/breached passwords

Guard Against the Use of Pwned Passwords

The use of pwned passwords, or passwords that have been exposed in data breaches, significantly increases security vulnerability. Cybercriminals can easily access compromised credentials via the Dark Web to infiltrate corporate accounts.

Educate employees with best practices
Adopt additional authentication measures
Check for pwned passwords and more

NIST Password Guidelines

Verify that passwords are not compromised before they are activated and monitor them on an ongoing basis.