CredVerify is a threat intelligence platform that aggregates, processes, and stores billions of credentials recovered from data breaches. CredVerify for Okta checks for leaked credentials through RESTful API services using the k-anonymity protection model. If a username and password are found to match credentials discovered in previous data breaches or on the dark web, authentication will be interrupted, and the user will be sent to identity verification and password reset flows. The solution was built with privacy and security by design, making the data usable only within the intended context.
Enabling VeriClouds CredVerify:
- Automates the detection of unauthorized login attempts and integrates with real-time policy enforcement measures
- Significantly minimizes the threat from the number one cause of data breaches - a weak or stolen password
- Reduces the likelihood of a successful account takeover or credential stuffing attack
CredVerify can be consumed as a service in the VeriClouds cloud, or it can be deployed in a customer’s cloud environment with just a few lines of code.
Aligned with NIST 800-63b
CredVerify helps enforce the NIST password requirement guidelines for IdPs by screening new passwords against lists of commonly used or compromised passwords.
The Solution
VeriClouds CredVerify APIs work with Okta's cloud-based authentication service to block account takeover and credential stuffing attacks that rely on compromised, stolen, or weak credentials. CredVerify checks incoming credentials against its data repository of compromised credentials and allows users to be authenticated only after verification that their credentials have not been compromised.
Stop preventable breaches and Account Takeover with credential verification
Credential verification is not a replacement for MFA. CredVerify for Okta complements MFA solutions in cases where MFA hasn’t been turned on or has been compromised through SIM swapping or social engineering.
Go beyond breach notification with credential verification
Security leaders who rely on open source password lists and breach notification services can have a false sense of security; public breach notification services are no substitute for intelligent risk-based authentication. CredVerify is backed by a repository of more than 20 billion records with privacy baked into the design to make it the safest way on the planet to check if your users' credentials are pwned or not.