PWCHECK is a password quality audit tool intended for RACF security administrators and auditors. It is designed to help detect trivial or poorly chosen passwords, passwords that are weakly encrypted, or cleartext passwords that might reside in memory . PWCHECK uses various methods to find passwords, including:
| automatic detection of "hashed" passwords, |
| automatic trials of completely trivial passwords |
| automated dictionary trials |
| tests for the presence of clear passwords in TSBs. |
The documentation for PWCHECK explains how to install, use, and customize it.
PWCHECK-PRO includes many additional capabilities.
FAQ here.
