Introducing breached password detection in Zoho Vault

Did you know that billions of online accounts get breached every year, exposing the passwords to the breached accounts wherever possible? These passwords are available on the dark web, publicly traded by attackers, for as little as $15. Given the magnitude of passwords available in the public domain, it shouldn’t be a surprise if an attacker has access to your passwords as well.

We come across multiple data breaches—even at major corporations—on a regular basis. These breaches might expose our credentials as well. While setting strong, unique passwords for every account is a great first step, verifying if your passwords have been exposed through third-party data breaches is essential.

breached password detection

To make this process seamless for users, Zoho Vault now integrates with haveibeenpwned.com (HIBP), a breached password aggregator. Using Vault, you can identify breached credentials and instantly reset them with unique, strong passwords.

Why the integration with HIBP?
HIBP is an open-sourced service that hosts millions of breached credentials in its database. Its complete transparency, coupled with frequent updates to its database of newly exposed passwords, makes it the perfect fit for our service. HIBP is trusted and employed by 30+ governments across the world to monitor and safeguard their accounts’ integrity.

How does the integration work?
When you enable breached password detection for your organization, Vault will hash your passwords. The first five digits of the hashed passwords will be sent to HIBP. The service then sends a list of breached password hashes with the same first five digits. Vault validates if your password’s hash matches the hash of any of the breached passwords sent by HIBP.

To ensure complete protection for your passwords, all of these steps happen locally, on the client side (usually, your browser). We’ll never send the entire hash of your passwords to HIBP’s servers. The entire process will be anonymous, ensuring that at no point will HIBP be able to identify any data relevant to you using the five-digit password hash sent by Zoho Vault.

Get started in three clicks

breached password detection

Super admins of Zoho Vault can enable breached password detection for every user in their organization from Fine-grained controls, under the Settings tab. When enabled, users can identify and reset their breached passwords from their dashboards.

Alerts right where they matter

Breached password alerts

Vault alerts you to change any breached passwords saved in your account. This alert appears whenever you view, edit, or add passwords, and will remain active until you reset your passwords. 

Going the extra mile

password strength

Besides eliminating breached passwords, you also need to identify and remove weak and reused passwords from your account. Vault’s dashboard offers customized security insights for every password you manage.

Find and reset all of your vulnerable passwords to keep your accounts safe from potential password-based threats. Admins can monitor the weak business passwords managed by their employees and remind them to reset such credentials periodically.

New to Zoho Vault? Try Vault for free
Zoho Vault is the only password management solution your business needs. Using Vault, you can safeguard every credential you manage, set up passwordless authentication for cloud applications, and monitor all of your weak and exposed passwords from one dashboard. Start your 14-day free trial or get in touch with our onboarding experts to get started.

Comments

Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts