Password Cracking Top Tip!

Maintain your own wordlist of previously guessed passwords. In follow up audits, you can then use JTR rules against user's old passwords. You'll be amazed (or maybe not) at how many users that have been asked to change their passwords will think it's OK to simply put a "1" or yesterday's date at the end of their old password.