Things I Love - Coffee, Compliance (And Free Stuff)

Here’s something about me you might not know: there are several things I love. Coffee and motorsport, port and cheese, chocolate cheesecake, and free stuff that’s actually useful! And here’s one that you might have thought of as just a useful toy, but that can actually be an important and integral part of your e-policy compliance audit toolkit.

Thycotic Weak Password Finder for Active Directory – although you can’t accuse them of having a snappy, memorable name, it sure is useful!

Now, in the past I’ve been in teams that have used password cracking tools such as L0phtCrack. I must admit it seemed pretty funny at the time to see the number of passwords that matched the team printed on the offender’s favourite mug, but doing compliance checks this way raised a few important questions.


Most important of these was this: we were breaking password policy to enforce password policy!

Well, this is exactly what Thycotic Weak Password Finder for Active Directory (TWPFfAD) does.

The Weak Password Finder Tool is portable, requires no installation, is simple to use and, above all, is secure. Passwords are never recorded or exposed, and sensitive information is never stored.

How can I be sure this process is secure?

TWPFfAD generates hashes from a dictionary of weak and compromised passwords from known breaches and compares them against the retrieved account data. The account data used for analysis is pulled from Active Directory using the replication functions.

Are there any limits to its use?

The Thycotic Weak Password Finder Tool can be run on a single domain or on multiple domains. This is all very well, but how good is the test? The tool uses more than 1.5 million common passwords from publicly available lists to determine “weak” passwords, and you can quickly add your own weak passwords in a text file.


Okay, I’m convinced! How can I get my hands on a copy?

Simple! Get yourself over to and you’ll be checking those Active Directory passwords in a matter of minutes!