How It Works

Every password that your organization uses is stored on your domain controllers. To make sure nobody can read them, all the passwords go through an irreversible algorithm. The result is then stored in a database.

Every time you log in to a computer, Windows applies the same algorithm to the password you typed and compares the result to what is stored in the database. If they match, you are logged in.

At Better Passwords, we believe in transparency. So here’s what we do:

  1. We send you an executable file to run on your domain controller. It extracts the database (NTDS.DIT) containing all the unreadable passwords. The extracted database is then encrypted with a password of your choosing.

  2. You send us the encrypted file and the password separately.

  3. We send the file through an algorithm that basically does the same thing that Windows does when you are trying to log on to your computer. The big difference is that our machines will try billions of passwords in a short period of time. Finally, we query a database containing billions of accounts that have been compromised to see if it contains some of yours.

  4. We take all the results and produce an executive summary containing all the important information.