One of my favourite security tools, L0phtCrack, is back and available for download.  L0phtCrack is an excellent password auditing tool which allows you to determine whether or not there are weak passwords on your network.  L0phtCrack first came out in 1997 and it is a sad reflection on the information security industry, that twelve years later we still depend on passwords to protect our key information assets.

I remember giving a presentation on information security in 1998.  As delegates entered the room we had them enter in a secure password into a Windows laptop.  While I gave my presentation I had L0phtCrack audit the passwords on the laptop.  At the end of the presentation, which lasted about 40 minutes, I then displayed the results from the audit.  It was telling the shock and amazement on the delegates faces when they saw their “secure” passwords displayed on a screen within such a short period of time.  I am willing to bet that if I ran that same test today there would still be a large number of people who would enter passwords into the test machine that would be quickly cracked.

I recommend strongly that you download L0phtCrack and have a look at how strong your own users’ accounts are.  But be warned make sure you get permission of your senior management before doing so.