Salus Cyber


Password Audit

Evaluate your passwords' security strength.

Strengthen your organisation’s security defences by assessing company password policy and employee password behaviour.

A password audit assesses an organisation's password security policies and practices.

Scoping: The first step in a password audit is to determine the scope of the audit, including which systems and accounts will be audited, what kind of data and access they are expected to protect, and which standards (if any) they must meet.

Data Gathering: The password audit team will collect password data from the organisation's systems and accounts. This typically involves the collection of hashed passwords from resources such as the organisation’s Active Directory.

Analysis: The password audit team will then analyse the password data to identify patterns, trends, and weaknesses in password security policies and practices. This includes analysing the length, complexity, and diversity of passwords and identifying any common or easily guessable passwords.

Password Cracking: The password audit team may also test password strength by attempting to crack or guess passwords. This can be done using various methods, including brute force and dictionary attacks. Salus Cyber uses the same databases of leaked passwords that adversaries use when attempting to crack user passwords.



Conducting a password audit engagement can help raise awareness among employees and users about the importance of strong password security practices. This can help promote a culture of security within the organisation, reducing the likelihood of a successful cyber-attack.


A password audit can help identify and address weaknesses in password policies and practices early. This can help protect an organisation's sensitive data, intellectual property, and reputation.


Password reuse across multiple services is a dangerous yet common practice. Passwords compromised from less secure systems commonly get leaked online and could be reused to access your organisation. Salus Cyber researches and acquires the same password databases that malicious actors use, and we actively check against them during data audits.


Password assessments for large organisations with tens of thousands of accounts can be a lengthy and highly resource-intensive process. Salus Cyber’s dedicated password-cracking resources have the capacity for, and are optimised for, efficient password cracking.

How we work

Customer Journey

  1. Identify

    First, we take time to familiarise ourselves with your business. This allows us to clearly understand your requirements, your business risks, your key pain-points, and the outcomes you’re looking for.

  2. Understand

    We turn those requirements into crystal-clear scoping and test plan documents, so you know precisely what we’ll be doing, when we will be doing it, and how we will do it.

  3. Test

    We deliver what we promised.

  4. Inform

    Every report we create is unique to your business; we don’t use cookie-cutter data for our summaries or our remediation plans. Our precise and concise findings brief will advise what steps your business needs to take next to reduce cyber risk.

  5. Remediate

    We can ensure that the remediation process is tracked and coordinated within your business. We will allocate resources to point you in the right direction, or if you need our help directly with remediation, we’ve got you covered.

  6. Feedback

    Your opinion is important to us, so we send a questionnaire to every one of our customers after each project – so you can let us know how we did.
