RooX UIDM will warn users of compromised passwords
22 May 2023
RooX has added password checking against dictionaries and leaked-password databases to the RooX UIDM access management system. With this capability, companies in banking, retail, e-commerce and other industries can make user accounts safer.
According to various studies, 50% – 75% of users choose simple passwords and reuse the same login / password combination across a range of services. This is why so many account compromises happen every year: attackers automate trying known leaked passwords. For example, they take a leaked database of logins and passwords from a delivery service and check whether any of them also match online banking credentials.
A new feature in the RooX UIDM authentication and authorization management system notifies users of compromised or weak passwords and, in some cases, even blocks their use.
Offenders regularly make password databases publicly available. For example, in 2021, a 100-GB file with 8.4 billion passwords was put on the Web. The global community of information security professionals regularly monitors leaks and adds data from them to dedicated databases. RooX UIDM uses these databases to check passwords. Besides, our clients can connect their own "bad passwords" databases to check against.

Konstantin Korsakov
Chief architect at RooX
In RooX UIDM, password checking can be integrated into user signup, authentication and authorization scenarios at the following points: setting, restoring or changing a password; signing in; and performing actions that require additional authorization.
In addition, a full scan of the entire user database for matches with dictionaries and compromised data can be launched on request (for example, after another news report about a leak) or on a schedule.
How strictly the system reacts to discovering a compromised password is determined by its settings. The system can simply notify the user that the password is no longer reliable, require an immediate password change, or block the attempted action until the password is replaced with a safer one.
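As an added illustration (not RooX UIDM code; the announcement does not describe its internals), the following Python sketch shows the shape of such a check: a password is looked up in a weak-password dictionary and in a leaked-credential set stored as hashes, the reaction configured for the trigger point is returned (failing closed for unknown triggers), and a scheduled bulk scan tries dictionary words against each user's salted verifier. The corpora, trigger names and policy table are constructed assumptions.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ALLOW = "allow"                # password found nowhere
    NOTIFY = "notify"              # warn the user, let the action proceed
    FORCE_CHANGE = "force_change"  # let the action proceed, require a new password
    BLOCK = "block"                # refuse the action until the password is replaced

# Constructed sample corpora (not real leak data): a weak-password dictionary in
# plaintext and a leaked-credential set kept only as uppercase SHA-1 digests.
WEAK_DICTIONARY = {"password", "qwerty", "123456", "letmein"}
LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
               for p in ("Summer2021!", "Delivery#42", "hunter2")}

# Hypothetical per-trigger policy for the check points named in the text.
POLICY = {"signup": Action.BLOCK, "password_change": Action.BLOCK,
          "signin": Action.FORCE_CHANGE, "step_up": Action.NOTIFY}

@dataclass(frozen=True)
class CheckResult:
    compromised: bool
    source: str | None  # "dictionary", "leak" or None
    action: Action

def find_match(password: str) -> str | None:
    """Return which corpus the password appears in, or None."""
    if password in WEAK_DICTIONARY:
        return "dictionary"
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return "leak" if digest in LEAKED_SHA1 else None

def check_password(password: str, trigger: str) -> CheckResult:
    """Evaluate a password at one trigger point; unknown triggers fail closed."""
    source = find_match(password)
    if source is None:
        return CheckResult(False, None, Action.ALLOW)
    return CheckResult(True, source, POLICY.get(trigger, Action.BLOCK))

def make_verifier(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 verifier, standing in for whatever hash the user store keeps."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def bulk_scan(users: dict[str, tuple[bytes, bytes]]) -> list[str]:
    """Scheduled scan: try dictionary words against each user's stored verifier."""
    return [name for name, (salt, verifier) in users.items()
            if any(make_verifier(w, salt) == verifier for w in WEAK_DICTIONARY)]
```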