A password is the front line of a user account's security. Choosing a secure password is not only the end user's responsibility but also that of the administrator who devises the policy governing how passwords are created and restricted. A poorly chosen password is an opportunity unintentionally handed to malicious users. For instance, hackers (external users) are constantly on the lookout for loopholes in an organization’s security system in order to gain access to sensitive information; user accounts that do not have a password sit right at the top of their attack list. One cannot discount the role of insiders in a security breach either; stats reveal that an estimated 93 percent of account breaches in an organization have been caused by an insider.
The possible scenarios for Empty Password Accounts:
Threats from both external and internal users make it all the more important that every user account is protected by a strong password that is both unique and not easily guessable by others. Administrators are aware of these challenges and define strong password policies to ensure that passwords are secure; however, there are certain unintended circumstances where:
- Admins might have missed enforcing the password policy for a select few users during initial deployment.
- An unintentional configuration lapse for a select few users could allow those users to enjoy the convenience of logging in to their account without a password.
- Some organizations might provide an empty password when a user account is created and force their users to change passwords immediately after their first logon. There is a possibility that the user never joined the organization, i.e. never logged in to the domain. Such an account will remain dormant unless Human Resources reports it or it is identified by some other method.
The scenarios listed above are the result of a drift from the intended security policy. These accounts must be identified and remedial measures initiated at the earliest.
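Each of the drift scenarios above leaves a trace in an account's directory attributes. The following is an added example, not part of the original article and unrelated to the tool's own implementation: it flags enabled accounts whose `userAccountControl` carries the `PASSWD_NOTREQD` bit and notes whether they have ever logged on. The record layout, the `audit` function, the 90-day threshold and the sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Documented Active Directory userAccountControl bit flags.
UF_ACCOUNTDISABLE = 0x0002   # account is disabled
UF_PASSWD_NOTREQD = 0x0020   # password policy is not enforced; an empty password is allowed

def filetime_to_dt(ft):
    """Convert an AD FILETIME (100 ns ticks since 1601-01-01 UTC); 0 means 'never'."""
    if not ft:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def audit(users, now, dormant_days=90):
    """Return {account: [findings]} for enabled accounts that may hold an empty password."""
    report = {}
    for u in users:
        uac = int(u["userAccountControl"])
        if (uac & UF_ACCOUNTDISABLE) or not (uac & UF_PASSWD_NOTREQD):
            continue  # disabled, or the password policy applies normally
        findings = ["password-not-required"]
        last = filetime_to_dt(int(u.get("lastLogonTimestamp", 0)))
        if last is None:
            findings.append("never-logged-on")        # e.g. a hire who never joined
        elif now - last > timedelta(days=dormant_days):
            findings.append("dormant")
        if int(u.get("pwdLastSet", 0)) == 0:
            findings.append("must-change-at-next-logon")
        report[u["sAMAccountName"]] = findings
    return report

# Constructed sample records, shaped like an export of user objects from the directory.
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 512,   # normal account
     "pwdLastSet": 133485408000000000, "lastLogonTimestamp": 133616736000000000},
    {"sAMAccountName": "bob", "userAccountControl": 544,     # 512 + PASSWD_NOTREQD
     "pwdLastSet": 133485408000000000, "lastLogonTimestamp": 133616736000000000},
    {"sAMAccountName": "carol", "userAccountControl": 544,   # created, never used
     "pwdLastSet": 0, "lastLogonTimestamp": 0},
    {"sAMAccountName": "dave", "userAccountControl": 546,    # flag set but disabled
     "pwdLastSet": 0, "lastLogonTimestamp": 0},
    {"sAMAccountName": "erin", "userAccountControl": 544,    # last logon 2024-01-01
     "pwdLastSet": 133485408000000000, "lastLogonTimestamp": 133485408000000000},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_USERS, NOW).items():
        print(f"{name}: {', '.join(findings)}")
```

The flag only shows that an empty password is permitted, not that one is currently set, so every flagged account still needs a review and a password reset before the flag is cleared.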
Empty Password Reporter:
“Empty Password Reporter”, a free Active Directory tool from ManageEngine ADManager Plus, helps identify all domain accounts that can have a null password. It provides a single view of all user accounts that could have an empty / null password across containers. The tool can be installed on any computer in the domain, and an administrator can log in to the tool to verify data on all the users who can provide empty passwords.
This tool will be most beneficial for organizations that are getting started with enforcing a password policy, or for organizations that would like to remediate incorrect password policies that were defined earlier.
The Empty Password Reporter tool helps close gaps in security measures, assists in a phased password change operation and also helps identify users who are yet to log in to the domain. It can be downloaded from the ManageEngine ADManager Plus suite of free Active Directory tools. These tools give confidence to both administrators and end users when it comes to setting passwords. They also help in enforcing a strong password policy in a phased manner and thus in maintaining an efficient password practice. Download them right away to add to the security of your organization.
The original article/video can be found at Free Active Directory Tool – Empty Password Reporter