Using the API, Easily Detect Weak or Compromised Passwords to Help Companies Align with Latest NIST Guidelines
SpyCloud, known for its unique breach data collection and curation platform that powers leading account takeover prevention solutions, has enhanced its Consumer ATO Prevention offering with its new Password Exposure API, enabling enterprises to align with the latest guidelines from the National Institute of Standards and Technology (NIST). Now, SpyCloud customers can prevent more online fraud throughout the lifetime of a consumer account, while maintaining a frictionless user experience.
“Consumers today are managing hundreds of online accounts and logins. Rotating through a few favorite passwords that they reuse everywhere or only tweaking them by a character or two is very common,” said Chip Witt, Vice President of Product Management at SpyCloud. “Cybercriminals take advantage of these password shortcuts and will test lists of stolen credentials against thousands of online accounts to break in and make purchases, steal funds and conduct other fraudulent activity, which can damage a company’s business and reputation.”
The latest password guidelines from NIST require organizations to prevent users from selecting weak, common, or previously exposed passwords. New breaches happen every day, making it difficult for busy teams to continuously research and match breach data to user accounts. SpyCloud’s Password Exposure API significantly decreases the resources and costs required to align with NIST guidelines by enabling security teams to check consumers’ passwords at scale against the industry’s largest database of stolen credentials.
With SpyCloud’s Password Exposure API, enterprise security teams can:
- Detect Vulnerable Accounts: If a user’s password appears in the SpyCloud database, it means that password is available to cybercriminals. Whether they have recycled their favorite credentials or chosen a popular password, their account is at risk of account takeover.
- Stay a Step Ahead of Criminals: SpyCloud’s collection and curation platform provides fast, high-volume access to recovered data early in the breach lifecycle. This allows swift identification of exposed passwords that can be reset before criminals have a chance to use them.
- Reduce Online Fraud: With access to consumers’ accounts, criminals can drain funds, siphon loyalty points, steal personal data, and more. SpyCloud enables enterprises to take swift action to protect users, without adding friction to the customer journey.
SpyCloud’s Password Exposure API reports how many times a password has appeared in the SpyCloud database, allowing enterprises to set their own threshold for rejecting weak and exposed passwords. To find matches securely, SpyCloud uses an approach called k-anonymity to check password-only matches against the entire SpyCloud database. Only the first 5 characters of each password hash are sent over the network, never the user’s plaintext password or the full hash, so SpyCloud never has access to the entire password.
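The k-anonymity range query described above, as an added example that is not SpyCloud's code and does not reflect the real API's request or response format. It assumes SHA-1 as the lookup hash (the page does not name the algorithm), a 5-character hex prefix as stated, and an in-process `ExposureService` class standing in for the remote API, populated from a small constructed breach corpus. The client hashes the candidate password, sends only the prefix, receives every suffix in that bucket with its exposure count, and compares the remaining characters locally, so the service side only ever logs prefixes.

```python
"""k-anonymity password-exposure check (illustrative; not SpyCloud's code).

Client:  hash password -> send first 5 hex chars -> receive the whole bucket
         -> compare the remaining 35 chars locally -> apply a count threshold.
Service: indexes breach data by 5-char prefix and never sees anything else.
"""
import hashlib
from collections import Counter, defaultdict

PREFIX_LEN = 5
HEX = set("0123456789ABCDEF")

# Constructed sample corpus standing in for the breach database.
# Repeats model the same password recovered from several breaches.
CONSTRUCTED_BREACH_CORPUS = [
    "123456", "123456", "123456",
    "password", "password",
    "qwerty",
    "S3cret-Tiger!",
]


def password_hash(password: str) -> str:
    # Assumption: SHA-1 is used as the lookup key. The page does not state
    # the algorithm; any fixed hash works because the hash only acts as an
    # index, and the service never receives enough of it to reverse.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class ExposureService:
    """Stand-in for the remote API. Only ever sees hash prefixes."""

    def __init__(self, corpus):
        self._buckets = defaultdict(Counter)
        for pw in corpus:
            h = password_hash(pw)
            self._buckets[h[:PREFIX_LEN]][h[PREFIX_LEN:]] += 1
        self.requests_seen = []  # what a server-side log would contain

    def range_query(self, prefix: str) -> dict:
        """Return {suffix: count} for every known hash sharing this prefix."""
        if len(prefix) != PREFIX_LEN or not set(prefix) <= HEX:
            raise ValueError("prefix must be 5 uppercase hex characters")
        self.requests_seen.append(prefix)
        return dict(self._buckets.get(prefix, {}))


def check_password(password: str, service: ExposureService, threshold: int = 1):
    """Return (exposure_count, allowed).

    threshold=1 rejects any password seen even once; a higher value lets a
    policy tolerate rare exposures while still blocking popular passwords.
    """
    full = password_hash(password)
    prefix, suffix = full[:PREFIX_LEN], full[PREFIX_LEN:]
    bucket = service.range_query(prefix)  # the only data that crosses the wire
    count = bucket.get(suffix, 0)         # match resolved on the client side
    return count, count < threshold


if __name__ == "__main__":
    svc = ExposureService(CONSTRUCTED_BREACH_CORPUS)
    for pw in ["123456", "S3cret-Tiger!", "correct horse battery staple"]:
        count, ok = check_password(pw, svc)
        verdict = "allowed" if ok else "reset required"
        print(f"{pw!r}: seen {count} time(s) -> {verdict}")
    print("service saw only prefixes:", svc.requests_seen)
```

Two things the client must get right for the privacy property to hold: it compares the suffix locally and never sends the full hash when a bucket comes back empty, and it does not log the other suffixes in the returned bucket, which belong to unrelated users' exposed passwords.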
Together, SpyCloud’s two complementary APIs for Consumer ATO Prevention provide comprehensive coverage throughout the lifetime of a consumer account. Enterprises can make sure users create strong passwords in the first place using the Password Exposure API, then keep those accounts secure over time by detecting users’ new data breach exposures with SpyCloud’s existing User Exposure API.
“SpyCloud allows organizations to quickly identify potentially compromised passwords and require a reset before criminals have a chance to take advantage,” continued Witt. “Not only does this protect the brand and bottom line, but it’s something that consumers will appreciate, knowing organizations they do business with are taking appropriate steps to protect them from cyber attacks.”