Enzoic released its retrospective 2024 Active Directory Lite Password Auditor Report, shedding light on alarming trends in password security and credential hygiene within Active Directory (AD) environments. The findings underscore the persistent risks posed by compromised passwords and mismanaged accounts, urging organizations to adopt continuous password auditing and credential screening.
The 2024 Password Auditor Report is based on data collected throughout 2024 from organizations using Enzoic for AD Lite Password Auditor, a product that scans Active Directory environments to identify compromised, weak, and misconfigured credentials. With AD environments remaining a primary target for cybercriminals, the report highlights how compromised and weak credentials can introduce key security gaps that could leave organizations vulnerable to breaches and ransomware attacks.
Key Findings from the Report:
- Rising Adoption of Password Auditing: Between 2020 and 2024, Enzoic AD Lite Password Auditor user scans surged by 315%, reflecting increasing awareness of the risks associated with compromised credentials and alignment with security frameworks such as NIST 800-63B and CMMC.
- Persistent Unsafe Passwords: Despite heightened awareness, 21% of users continue to rely on compromised, weak, or duplicate passwords, significantly increasing their risk of account takeover (ATO) attacks.
- Explosion of Stale Accounts: There was a 151% increase in stale accounts (inactive accounts that have not been used in six months or more), a critical oversight that creates an easy backdoor for attackers.
- Misconfigured Accounts on the Rise:
  - Expired passwords rose by 175% from 2023 to 2024, indicating that organizations with expiration policies in place may still have dormant, unsecured accounts.
  - No-password accounts increased 4.6x over the past year, posing a severe security risk by allowing unrestricted access to threat actors.
"The data confirms what we've long suspected: compromised credentials and misconfigured accounts continue to be major security blind spots," said Jeff Kasser, Director of Engineering, Enzoic. "Organizations need to embrace continuous password auditing to combat these threats effectively."
The report places password vulnerabilities in the context of a broader attack surface, a picture corroborated by other industry research and frameworks. Compromised passwords remain the leading entry point for data breaches, with 61% of breaches involving stolen credentials, according to the Verizon Data Breach Investigations Report (DBIR). Industry compliance requirements are evolving, with frameworks like CMMC, NYDFS, and HITRUST emphasizing the need for proactive credential security.
A Call to Action for Proactive Credential Security
The findings from the 2024 Enzoic AD Lite Password Auditor Report reaffirm the urgent need for organizations to prioritize credential security. While password auditing is gaining traction, many enterprises still lack comprehensive governance, leaving their Active Directory environments exposed to evolving cyber threats.
To mitigate these risks, organizations must take a proactive and layered approach to credential security:
- Implement Continuous Password Auditing & Screening - Real-time monitoring against known breach databases should be standard practice to detect and neutralize compromised credentials before they lead to breaches. The databases need to be refreshed daily instead of weekly or monthly.
- Target High-Risk Accounts for Remediation - Address stale accounts and misconfigurations to eliminate common attack entry points.
- Align Policies with NIST SP 800-63B - Move beyond complexity rules and time-based password resets to real-time risk-based detection of compromised credentials.
- Enhance User Education - Train users on password hygiene, encourage multi-factor authentication (MFA), and enforce security best practices.
- Conduct Regular Security Audits & Testing - Perform periodic stale account purges and red team exercises to detect misconfigurations before attackers exploit them.
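As an added illustration (not Enzoic's code or the product's own logic), the following PowerShell enumerates the same account categories the report counts, using the RSAT ActiveDirectory module; the 180-day stale threshold (the report's "six months or more") and the CSV file names are assumptions:

```powershell
# Added example, not from the report: count stale, expired-password and
# no-password-required accounts in AD so they can be remediated.
Import-Module ActiveDirectory

$StaleDays = 180                         # assumed: report's "six months or more"
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

# Pull only the attributes needed. LastLogonDate is derived from the replicated
# lastLogonTimestamp, which can lag the true last logon by up to ~14 days.
$Users = Get-ADUser -Filter 'Enabled -eq $true' -Properties `
    LastLogonDate, PasswordLastSet, PasswordNotRequired, PasswordExpired, whenCreated

# Stale: enabled, no logon since the cutoff (or never), and created before the
# cutoff so brand-new accounts are not flagged.
$Stale = $Users | Where-Object {
    ((-not $_.LastLogonDate) -or ($_.LastLogonDate -lt $Cutoff)) -and
    ($_.whenCreated -lt $Cutoff)
}

# Expired: password older than the domain's maximum age, account still enabled.
$Expired = $Users | Where-Object { $_.PasswordExpired }

# No password required: PASSWD_NOTREQD is set, so an empty password is accepted.
$NoPwd = $Users | Where-Object { $_.PasswordNotRequired }

[pscustomobject]@{
    EnabledUsers       = @($Users).Count
    StaleAccounts      = @($Stale).Count
    ExpiredPasswords   = @($Expired).Count
    NoPasswordRequired = @($NoPwd).Count
} | Format-List

# Per-account detail for remediation tickets (file names are assumptions).
$Stale | Select-Object SamAccountName, LastLogonDate, whenCreated |
    Sort-Object LastLogonDate |
    Export-Csv -NoTypeInformation -Path 'stale-accounts.csv'
$NoPwd | Select-Object SamAccountName, PasswordLastSet |
    Export-Csv -NoTypeInformation -Path 'no-password-required.csv'
```

Run it on a schedule and trend the counts over time; the report's year-over-year percentages are exactly this kind of metric.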
"Organizations need to shift from a reactive to a proactive stance on password security," Kasser added. "Compromised credential screening should be a foundational security measure, not an afterthought."