Password Exposure Checklist


Have you experienced a password exposure event?

Use our detailed password remediation checklist to regain control of your password management.


Password management can be both a blessing and a curse for the security of your department and resources. We’ve compiled a checklist of issues your team will want to examine when remediating an exposure event of your password management program including the use of password managers your organization may use. This checklist is intended to serve as a guide for remediation of exposure for the following situations:

  • An employee with administrative access leaves the company
  • Employees with access to shared account passwords leaves the company
  • Passwords were exposed (e.g. exported in mass from a password manager)

You are encouraged to use auditor judgement in determining risks, impact, and appropriate next steps for your organization. All scenarios specific to your environment may not be reflected.

In the case of a suspected breach, we strongly recommend hiring a 3rd party security testing firm to thoroughly evaluate the impacts. A forensic analysis will help trace the intrusion and establish a clear plan of action to mitigate the threats to your organization. Using the adversarial experience of an advanced penetration team, such as Stinnett’s, will help your organization determine the full impact of a suspected breach.

Get our checklist

Sign up below to receive an emailed copy of our latest password exposure checklist designed for auditors.

#mc_embed_signup{background:#fff; clear:left; font:14px Helvetica,Arial,sans-serif; }
/* Add your own Mailchimp form style overrides in your site stylesheet or in this style block.
We recommend moving this block and the preceding CSS link to the HEAD of your HTML file. */

* indicates required


(function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]=’EMAIL’;ftypes[0]=’email’;fnames[1]=’FNAME’;ftypes[1]=’text’;fnames[2]=’LNAME’;ftypes[2]=’text’;fnames[7]=’MMERGE7′;ftypes[7]=’text’;fnames[6]=’MMERGE6′;ftypes[6]=’text’;fnames[3]=’ADDRESS’;ftypes[3]=’address’;fnames[4]=’PHONE’;ftypes[4]=’phone’;fnames[5]=’BIRTHDAY’;ftypes[5]=’birthday’;}(jQuery));var $mcj = jQuery.noConflict(true);