Password-management platform 1Password has introduced a brand new breach report service for enterprises, utilizing information from the Have I Been Pwned (HIBP) password breach database.
The launch comes as companies all over the world have been pressured to embrace distant working because of the COVID-19 disaster, a situation that would enhance the chance of safety breaches. In accordance with e mail administration service Mimecast, impersonation assaults alone surged by practically a 3rd in the course of the first 100 days of the pandemic.
With 1Password’s new area breach report providing, the corporate is making it simpler for its enterprise clients to determine worker accounts which have been compromised, alert impacted customers, and urge them to create new passwords generated by 1Password.
Password hygiene
Based out of Toronto in 2005, 1Password is one in all quite a few password administration providers that assist shoppers and companies retailer passwords securely, enabling them to log into myriad on-line providers with a single click on. Importantly, it helps individuals adhere to robust safety hygiene by utilizing distinctive passwords for every of their accounts — with out having to recollect all of them. For companies particularly, poor password hygiene is a serious driving drive behind safety breaches, with 81% of all breaches attributed to compromised passwords. In mild of this problem, 1Password just lately raised $200 million — its first exterior funding — to double down on its enterprise-focused product.
HIBP is the handiwork of famend safety skilled Troy Hunt, who constructed the database again in 2013 as a simple approach for anybody to find whether or not credentials for his or her on-line accounts had been found in a knowledge dump on the web. Armed with this data, customers can change their passwords for any impacted accounts, together with passwords for different accounts that share the identical e mail tackle and password mixture. Plenty of third-party builders had beforehand built-in the HIBP database into their very own apps and web sites, together with Mozilla’s Firefox browser, which launched a web-based safety device known as Monitor again in 2018.
Now baked immediately into one of many world’s hottest password administration providers, HIBP appears more likely to complement 1Password’s present safety instruments for enterprise clients. Any enterprise enrolled in 1Password Groups or 1Password Enterprise will have the ability to create a fast report that checks all e mail addresses on the corporate’s area in opposition to practically 10 billion compromised accounts listed on the HIBP database.
Fixing the “password drawback” has change into a serious focus of the broader cybersecurity motion. Israeli startup Secret Double Octopus just lately raised $15 million to assist corporations authenticate staff with out utilizing passwords, as an alternative tapping a multi-factor verification system that features biometrics. In the meantime, cloud storage big Dropbox final week launched a brand new password supervisor, whereas Google revealed it was integrating its password checkup device immediately into the password supervisor it makes accessible to all Google Accounts.
All of the firewalls and Fort Knox-grade safety instruments on the earth can’t compensate for weak worker passwords, that are all too typically reused throughout accounts. This makes it a lot simpler for hackers to launch assaults by way of “credential stuffing,” which frequently entails utilizing automated instruments to log into individuals’s accounts utilizing massive lists of leaked usernames and passwords.
Add comment