Auth0 puts new feature to detect breached passwords to the test

Join today’s leading executives online at the Data Summit on March 9th. Register here.

Auth0 today announced an internal test on 100,000 random usernames, using a new security feature designed to detect and reset stolen passwords faster. 

Auth0 found that the capability to detect breached passwords, a technique referred to as ‘breach detection efficacy,’ increased by a minimum of 250% when using Credential Guard compared to an automated detection solution alone. Auth0 is proving its value, with this announcement coming less than a year after being acquired by Okta in a stock transaction valued at approximately $6.5 billion in March 2021.

“The goal with Credential Guard is to help organizations detect breaches as soon as they happen, to reduce the risk to the business and its users.” said Shiv Ramji, chief product officer at Auth0. “Traditional web scanners and scrapers rely on breach data being made public, which can be months or even years after the initial breach. Credential Guard enables security teams to shrink that gap, and better protect their customers’ digital identities on a global scale.”

Verizon’s 2021 Data Breach Investigations Report (DBIR) found that 89% of web application breaches involve some sort of credential abuse (such as use of stolen credentials or brute force). Account takeover attacks with stolen credentials used to target internal data, loyalty points, and even corporate funds are one of the most common and costly cyber threats. 

According to the DBIR, criminals use the easiest point of access by targeting personal data and credentials. Strong password hygiene is still thebest defense against a bad actor gaining access to your personal and corporate data and then moving across your networks looking for sensitive information they can exploit or sell.

Reusing passwords across sites increases the risk of an attack and makes it more difficult for organizations to prevent fraudulent access to user accounts. The goal of detecting and resetting exposed passwords with Credential Guard is to help organizations secure their apps and protect their users during the login process.

Auth0’s breached password detection is designed to enable organizations to automatically screen for stolen passwords, then alert the user, prompt for additional verification, or block access by forcing a password reset. Credential Guard adds even more visibility and speed with a dedicated security team that infiltrates criminal communities to gain access to otherwise unavailable breach data with a dedicated security team. 

Auth0 provides support for more than 35 languages and 200+ countries and territories to reduce breach detection time. Okta provides secure access to more than 14,000 organizations, including JetBlue, Nordstrom, Siemens, Slack, Takeda, Teach for America, and Twilio.

Credential Guard is also available as an enterprise add-on for existing Auth0 customers.

Originally appeared on: TheSpuzz