KnowBe4, a provider of security awareness training and simulated phishing solutions, has released a new tool called Breached Password Test (BPT) that searches nearly two billion records to identify passwords that are currently in use despite having been exposed in a previous data breach.
The system is designed to help channel pros and IT administrators quickly isolate password security vulnerabilities and streamline the process of identifying high risk passwords being re-used. The tool examines passwords on accounts that are currently within an organization’s domain and listed within its Active Directory.
“IT security professionals are often forced to use very time-consuming manual methods of searching out password breach lists to find compromised passwords in their network. Having a free tool like the Breached Password Test goes a step beyond typical password policies to help administrators ultimately protect their infrastructures, networks and systems,” said Stu Sjouwerman, CEO of KnowBe4, in a press statement.
According to KnowBe4, BPT takes a few minutes to run against an Active Directory list and enables IT admins to check a company's domains and accounts as frequently as they like. The National Institute of Standards and Technology recently issued an official recommendation that organizations check user-provided passwords against existing data breaches.