business

Detect Breached Passwords Faster with Auth0 Credential Guard

Secure apps and protect users with enterprise scale account takeover protection

Feb 9, 20225 min read

It’s 2022, yet passwords still remain the most common form of authentication online. Like it or not, they are not going away anytime soon. Even if they’re becoming riskier than ever. The very fact that there are so many more applications that users have to register for and log in to makes password reuse across multiple sites even more likely for all but the most security-conscious users. No wonder that the threat of account takeovers (ATOs) nearly doubled in 2020.

Breaches impact everybody. The average email address is now associated with 130 online accounts. Chances are that a significant portion of your users are using the same or similar usernames and passwords as they use on other sites. So when a password gets leaked in a data breach, that same password, or a slight variation thereof, has a high chance of being successful at multiple other online accounts that the user owns. Even if your own site hasn’t been breached, there’s still a good chance that your users' information may be compromised due to a leak that occurred elsewhere.

Improve Detection Response

With Auth0 Credential Guard, you can protect your applications from bad actors logging in with stolen credentials. You can alert the user about their compromised password, challenge the user using an additional factor, or block access by forcing a password reset. Typical breached password detection relies on breach data released to the public. From the time when a breach happens to when it’s announced, there is a gap (typically months) during which your users and business remain at risk. Credential Guard eliminates this gap: a team of dedicated security experts infiltrates criminal communities and gains access to exposed data as soon as breaches occur. With this advantage, you can better protect your users and secure your applications by resetting stolen passwords sooner.

Improve Detection Response

A typical account takeover attempt is performed using bots that hit login screens that use credentials obtained in data dumps that follow breaches. These indiscriminate attacks account for 90% of ATO attempts, yet only inflict 20% of the losses that business incur due to breaches. Targeted attacks, on the other hand, are disproportionately costly, even though they are far fewer in number. These attacks use sophisticated and clandestine methods of obtaining passwords, using these compromised credentials to inflict damage long before there is any traceable record of the breach. Traditional breach detection services that use scanners and scrapers to identify leaked credentials are therefore of no use when it comes to these types of attacks.

Credential Guard counters this threat with a team of security experts that infiltrate the dark web to mine out the exposed information before criminals can monetize it. This unique capability allows us to identify ATO risks months, even years before breach data is made public. Given importance of timeliness in identifying targeted attacks, companies can secure their applications during login by detecting and resetting stolen passwords as soon as breaches happen

Expand Reach Globally

Expand Reach Globally

Breached passwords are not only a threat to the companies’ applications but also their users. As mentioned above, users reuse passwords across multiple sites, so it’s not just an account that’s at risk but their entire online identity.

Credential Guard automates the detection and remediation of breached passwords across more than 35 languages and 200+ countries and territories for global account protection.

Improve Security Posture

We all have heard ad nauseum about the trade-off between user experience (UX) and security. Human psychology tells us that we make choices based on perceived threat. When a threat goes from being abstract to real, we’re much more likely to take it seriously and adjust our behavior to account for it. The same user that scoffs at stronger authentication methods when there is no perceived risk might enthusiastically sign up for the same measure if the choice is presented at a time when the alternative was to lose control of their account. Companies can alert a user that their password has been leaked in a data breach, and then offer to improve their security posture enrolling in MFA, without risking conversion, impacting UX or retention.

Secure Your Login Box, Protect Your Users

Secure Your Login Box, Protect Your Users

As security enthusiasts, we know that passwords worry both users and app owners alike. Yet they persist, and will likely do so for the foreseeable future. Using Auth0 Credential Guard, companies can stay ahead of criminals trying to exploit breached passwords. It protects companies as well as users’ online identities, which are increasingly bound up with a single, widely used password. While password protection is no silver bullet, making password protection part of a strategy to improve authentication choices, companies can reduce chances of being breached by up to 89%.

Learn more about implementing Credential Guard here.

About Auth0

Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.