This is your first line of defense. While NTLM can be cracked at billions of hashes per second, a truly random, long, and complex password can make cracking infeasible for an attacker. Enforce length over complexity, and block common weak passwords with Azure AD Password Protection or a similar solution.
Even though you can't reverse an NTLM hash, you can crack it. Cracking is the process of guessing or computing the input that produces a given hash. The most common and effective methods include:
Comparing the target hash against a pre-compiled list of common passwords hashed with MD4.
You can use the hash itself as a credential to authenticate to other systems without ever knowing the cleartext password.
14 characters, mixed case, numbers, symbols.