1Password launches domain breach report to address credential stuffing
1Password is launching a first-of-its-kind domain breach report. Now, companies using 1Password’s enterprise password manager can swiftly identify compromised accounts and take action to protect the enterprise by alerting users to create new secure passwords generated via 1Password.
The domain breach report strengthens 1Password’s market-leading enterprise password management offering, deepening its value as the foundational layer of the identity and access management stack.
IT administrators enrolled in 1Password Business and 1Password Teams can quickly create a domain breach report which checks all company email addresses against a list of nearly 10 billion compromised accounts provided by HaveIBeenPwned.com.
The report identifies all company email addresses which have been caught in data breaches and provides details about each breach so that IT can take corrective action. Administrators can notify employees and direct them to create new secure passwords in affected accounts.
“Our domain breach report is designed to help IT better support every user in the enterprise,” said Matt Davey, chief operating officer, 1Password. “Rather than forcing employees and IT alike to go through frustrating blunt-force security processes like company-wide automated password resets, our partnership means IT can intercede surgically, reaching out directly to affected employees when they know there’s a real threat. This launch supports our mission to help IT departments in the never-ending challenge to protect the enterprise against credential-stuffing attacks and promote healthy password habits, all while helping workers to get more done.”
A 1Password survey of 2,100 workers found that one-third of respondents reuse memorable passwords for new accounts and nearly half use a pattern of similar passwords. Password reuse enables credential stuffing, whereby attackers target multiple accounts with exposed email addresses and passwords, leaving companies vulnerable to breaches. 1Password makes it easy to provide unique secure passwords for all accounts in the enterprise, limiting exposure in the event of a breach.
“The rate and scale of corporate data breaches has been increasing dramatically over recent years,” said Troy Hunt, founder of HaveIBeenPwned.com. “A dedicated password manager like 1Password not only provides essential protection against the impact of a data breach, but also makes passwords more user friendly than ever.”