Breached password protection

Thousands of passwords are exposed during data breaches everyday. Once compromised, these passwords are available to multiple threat actors over the dark web. If a user in your organization were to use one of these passwords, it could create a weak link in your IT security architecture.

ADSelfService Plus, a holistic identity security solution, can prevent the usage of breached passwords in your organization.

Credential stuffing attacks

In a credential stuffing attack, the hacker uses a database of already compromised credentials to illegally break into a user account. Unchecked use of breached passwords can leave your organization susceptible to these attacks. The damage is greater when users reuse the same credentials for multiple applications.

Screen for breached passwords with ADSelfService Plus

ADSelfService Plus is an identity security solution that can take your organization closer to a Zero Trust environment.

Have I Been Pwned? is a website that checks if a given password has ever been compromised. The site was launched to allow the public to check if their credentials have been exposed in a data breach. Data from new breaches is automatically added to the repository of the website. Founded by security expert, Troy Hunt, the site has records of over eight billion accounts today.

Through integration with Have I Been Pwned?, ADSelfService Plus can check if a password being set by the user has been previously involved in a security breach. If it has, ADSelfService Plus forbids the password and asks the user to choose a different one.

Go beyond passwords

Traditional password authentication is vulnerable to many security risks, because with enough time, threat actors can hack any password. While stronger passwords require more time and effort to be cracked, they can still be cracked and, like all passwords, are still susceptible to phishing attacks. So, having passwords as the only security barrier between your network and bad actors is not advisable.

• Enforce MFA: Secure enterprise applications and machine access with over 20 advanced authentication factors including biometrics and YubiKey.
• Enable passwordless authentication: Empower users to access enterprise applications without a password, but instead with a stronger authentication factor such as Google Authenticator, TOTPs, etc.

Apart from breached password screening, ADSelfService Plus supports:

• Adaptive MFA: Enable context-based MFA with 19 different authentication factors for endpoint and application logins.
• Seamless SSO: Allow users to access all enterprise applications with a single, secure authentication flow.
• Password management and security: Simplify password management with self-service password resets, account unlocks, strong password policies, and password expiry notifications.
• Workforce self-service: Delegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.
• Remote work enablement: Enhance remote work with cached credential updates, secure logins, and mobile password management.
• Integrations: Establish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.
• Reporting and auditing: Simplify auditing with predefined, actionable reports about authentication failures, logon attempts, and blocked users.