Enzoic, formerly PasswordPing, provides low user-friction solutions for strong authentication against compromised credential attacks affecting employees, users, and customers. There are two core solutions:
With billions of user credentials exposed in data breaches, it is easy for hackers to attack corporate directories. As a result, industry experts are changing their password guidance. Microsoft is recommending new Active Directory password best practices. The US-Based National Institute for Standards and Technology (NIST) issued password guidelines in 2018 that also encourage Active Directory administrators and IT staff to revise their password policies.
Enzoic’s easy-to-implement Active Directory plugin follows NIST 800-63 password guidelines which recommend comparing employee passwords against cracking dictionaries, exposed, and commonly-used passwords. It reinforces the directory against offline cracking by eliminating the effectiveness of rainbow table lookups. It also eliminates the need for periodic, forced password resets, and it works with existing Active Directory password policies within your organization.
Due to the billions of compromised user credentials circulated on the public Internet and Dark Web, compromised credential screening is an important way organizations can protect their customers and users from the risk of their account hijacking.Josh Horwitz, COO, Enzoic
Account Takeover (ATO) attacks rely heavily on the reuse of credentials exposed in 3rd party data breaches. Because of this, an effective defense involves detecting logins using previously compromised credentials. Enzoic’s innovative APIs check in real-time against billions of exposed username and password combinations, which then alert against compromised credentials. It allows organizations to securely compare user credentials hashes against a continuously updated database of compromised credentials hashes. This approach works well with any existing authentication system and can work as a risk-based signal. It also works with all devices, browsers, and MFA environments.
Our customers tell us regularly that compromised credential screening is a must-have rather than a nice-to-have for their customer applications and corporate systems. Compromised credential screening makes it easier on their IT and Security teams, while also making it easier on users.Michael Greene CEO, Enzoic
To view the full article, please visit: https://theceoviews.com/why-compromised-credential-and-password-screening/