10-D Security Password Audit is a professional service that evaluates password strength within an organization's Active Directory environment. The service extracts password hashes from Active Directory using a forensically sound process that does not rely on third-party tools, ensuring domain controllers remain online without service disruption. The assessment utilizes a password cracking engine designed specifically for testing password strength. Password hashes are collected from Active Directory and subjected to cracking attempts that typically run for 24, 48, or 72 hours depending on the engagement. Multiple password cracking methods are employed during the assessment. The service aims to identify users who employ weak passwords that may conform to complexity and length requirements but are based on common dictionary terms. Organizations can use the results to educate users about proper password practices and address vulnerabilities before attackers can exploit them. Engagements are available on yearly or quarterly schedules. The service is targeted at financial institutions, healthcare organizations, and legal/professional firms that need to protect customer information and maintain compliance requirements. Reports are delivered in a format designed for easy interpretation by management.