1Password taps Have I Been Pwned to give enterprises data breach reports

Password-management platform 1Password has announced a new breach report service for enterprises, using data from the Have I Been Pwned (HIBP) password breach database.

The launch comes as businesses around the world have been forced to embrace remote working due to the COVID-19 crisis, a scenario that could increase the risk of security breaches. According to email management service Mimecast, impersonation attacks alone surged by nearly a third during the first 100 days of the pandemic.

With 1Password’s new domain breach report offering, the company is making it easier for its business customers to identify employee accounts that have been compromised, alert impacted users, and urge them to create new passwords generated by 1Password.

Above: 1Password breach report, powered by HIBP

Password hygiene

Founded out of Toronto in 2005, 1Password is one of a number of password management services that help consumers and businesses store passwords securely, enabling them to log into myriad online services with a single click. Importantly, it helps people adhere to strong security hygiene by using unique passwords for each of their accounts — without having to remember them all.

For businesses specifically, poor password hygiene is a major driving force behind security breaches, with 81% of all breaches attributed to compromised passwords. All the firewalls and Fort Knox-grade security tools in the world can’t compensate for weak employee passwords, which are all too often reused across accounts. This makes it much easier for hackers to launch attacks through “credential stuffing,” which often involves leveraging automated tools to log into people’s accounts using large lists of leaked usernames and passwords. In light of this issue, 1Password recently raised $200 million — its first outside funding — to double down on its enterprise-focused product.

HIBP is the handiwork of renowned security expert Troy Hunt, who built the database back in 2013 as an easy way for anyone to find out whether credentials for their online accounts had turned up in a data dump on the internet. Armed with this information, users can change their passwords for any impacted accounts, along with passwords for other accounts that share the same email address and password combination. A number of third-party developers had previously integrated the HIBP database into their own apps and websites, including Mozilla’s Firefox browser, which launched a web-based security tool called Monitor back in 2018.

Now baked directly into one of the world’s most popular password management services, HIBP seems likely to complement 1Password’s existing security tools for enterprise customers. Any business enrolled in 1Password Teams or 1Password Business will be able to create a quick report that checks all email addresses on the company’s domain against nearly 10 billion compromised accounts listed on the HIBP database.

Above: HIBP-powered breach report from 1Password

Fixing the “password problem” has become a major focus of the broader cybersecurity movement. Israeli startup Secret Double Octopus recently raised $15 million to help companies authenticate employees without using passwords, instead tapping a multi-factor verification system that includes biometrics. Meanwhile, cloud storage giant Dropbox last week launched a new password manager, while Google revealed it was integrating its password checkup tool directly into the password manager it makes available to all Google Accounts.
