PASSWORD BREACH DATABASE
Weak, shared, and reused passwords account for over 80% of data breaches, underlining the necessity for ensuring passwords in use are not already known to be compromised.
When a data breach occurs, bad actors review the data for user names and passwords, once found these are placed on the dark web where they are readily available to access and attempt to break into systems with.
Password are typically stored ‘hashed’ to avoid the clear text password being stolen but hackers are adept at cracking these passwords so this offers little practical protection in the real world.
The key to keeping protected is knowing that you are ahead of the bad actors by comparing your passwords to those already known to be compromised.
Our Password Breach Database receives millions of updates each day form our team of ethical hackers. It is the largest actively managed collection of known breached passwords, consisting of over 8 billion compromised clear text credentials, making it 55% more substantial than widely shared free databases.
If you are verifying your passwords against a database of known compromised credentials, it makes sense to use the biggest and best data source available.
BENEFITS OF PASSWORD BREACH DATABASE
HOW THE PASSWORD BREACH DATABASE IS USED
The data in the password breach database can be used in different ways to best fit an organization’s requirements:
ACCESSED VIA API
The Password Breach database can be access by API, enabling manages
service providers and SAAS application vendors to easily add compromised
password checks against their own services.
By using the biggest and best data source in the world, they can be sure
they are maximizing the security provided.
USED DURING AN AUDIT
Want to know what is available on the dark web about your company? Intercede can use our Password Security Portal to review our database and see what bad actors could use to attack your systems.
For a deeper dive we can run on-prem audit tools against your Active Directory system and see if any compromised credentials are still currently in use.
PASSWORD SECURITY MANAGEMENT
In addition to helping users choose good passwords complaint with a defined organisational password policy, the MyID PSM software uses the Password Breach database as its source to verify passwords are not known to be compromised, if they are a user will be forced to change the password delivering real time protection.
Want to know more?
If you are ready to book a demo, simply click the button below and we will arrange a demo
demo requestFrequently Asked Questions
The content gathered in our Password Breach Database is derived from the Public Domain, and it's safe to presume that it's already in the possession of potential threats; our data retention policy doesn't exacerbate this risk. The data procured isn't subject to 'consent' per GDPR guidelines. Still, we can maintain data on a "legitimate interest" premise, which does not demand explicit consent. We ensure never to collect passwords directly from individuals, whether they are aware or not.
Our storage is limited to username and password details. The username is generally an email address, with the password stored in plaintext. Alongside this, we also preserve the password in various hash formats for rapid analysis. We refrain from directly "verifying" or "evaluating" the data we accumulate, as such actions could easily cross into the realm of hacking.
We utilize a range of data sources, encompassing mainstream media, online discussion boards, torrents, paste bins, and other dark web sites. Our business policy strictly prohibits paying for data. The acquired data comes in diverse formats, often accompanying other data, like phone numbers, credit card details, addresses, etc., which we promptly discard. The preserved data is subsequently cleansed and assessed for its credibility before integration into the database. Where feasible, we also document the data's origin for future reference.
We gather data from an array of sources, such as mainstream news outlets, online forums, torrents, paste bins and other areas of the dark web. Our organizational policy is strictly against purchasing data. The obtained data often arrives in varied formats and typically includes additional information, like phone numbers, credit card details, addresses etc., which we purposely discard. The data kept is cleaned and scrutinized for authenticity before it's incorporated into the database. Additionally, we make a note of the data's source whenever it's feasible for reference purposes
Trusted by Governments and Enterprises Worldwide
Where protecting systems and information really matters, you will find Intercede. Whether its citizen data, aerospace and defense systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organizations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.