Enzoic CEO Michael Greene had a recent session with CyberEd.
CyberEd.io provides the latest discussions on cybersecurity topics straight from industry leaders for the security practitioner on-the-go. Here is a quick summary of that session.
Numerous options exist for strong authentication, but most involve introducing some form of friction into the user experience. User testing studies show that most online users have minimal tolerance for disruptions introduced by security measures, even when those measures are designed to protect their personal information and valuable assets.
Credential screening products are designed with the understanding that consumers use the same login credentials across multiple sites. In fact, according to Google, 65% of online users reuse passwords across multiple accounts, if not all their accounts.
When a user logs into their account, credential screening compares their credentials against a continuously updated database of compromised credentials. If the user’s credentials are found to be compromised, a range of responses can be triggered: for example, forcing an immediate password reset, restricting access to sensitive data on the account, requiring more information, or logging the event for additional analysis.
This process protects the user’s account and reduces successful credential stuffing and account hijacking. It only impacts users whose credentials are definitively compromised and leaves the rest of the users unencumbered when they log in to their accounts.
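The login-time check described above, as an added example that is not Enzoic's code or API. The keyed-digest lookup, `INDEX_KEY`, the in-memory `COMPROMISED` set and the `screen_login` policy are assumptions made for illustration, and the sample credentials are constructed.

```python
import hashlib
import hmac
from enum import Enum

INDEX_KEY = b"constructed-demo-key"  # assumption: server-side key for the lookup index


class Action(Enum):
    NO_ACTION = "no screening action"
    FORCE_RESET = "immediate password reset"
    STEP_UP = "require more information"
    LOG_ONLY = "log for additional analysis"


def fingerprint(username: str, password: str) -> str:
    """Keyed digest of the exact pair; usernames are case-insensitive, passwords are not."""
    msg = username.strip().lower().encode() + b"\x00" + password.encode()
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).hexdigest()


# Constructed stand-in for the continuously updated database of compromised credentials.
COMPROMISED = {
    fingerprint("alice@example.com", "Summer2019!"),
    fingerprint("bob@example.com", "hunter2"),
}


def screen_login(username: str, password: str, auth_ok: bool,
                 mfa_enrolled: bool = False) -> Action:
    """Choose a response for one login attempt (hypothetical policy)."""
    if fingerprint(username, password) not in COMPROMISED:
        # Pair is not known to be exposed: the user sees no extra friction.
        return Action.NO_ACTION
    if not auth_ok:
        # A known-exposed pair was submitted but is not this account's current
        # password: nothing for the user to fix, but worth recording.
        return Action.LOG_ONLY
    # The account's live credentials are in the compromised set.
    return Action.STEP_UP if mfa_enrolled else Action.FORCE_RESET
```

Matching on the exact username and password pair is what keeps the check limited to definitively compromised credentials: the same password under a different username, or a different-case password, produces no action.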
And it is not just for online users and customers. Employees are another threat vector for organizations, so the Continuous Password Monitoring feature in Enzoic for Active Directory can help minimize threats to employee accounts.
To read more, please see the article on Data Breach Today or learn more about Mike’s viewpoint on “Credential Stuffing Attacks vs. Brute Force Attacks: What They Are and How to Handle Them.”