A little over a month since 1Password incorporated a pwned password check feature developed by Have I Been Pwned ‘s Troy Hunt, the password manager service has now netted what’s being described as. The only secure password is the one you can't remember. I had my epiphany about the importance of creating secure passwords (and the necessity for a password manager) back in 2011 where I concluded that the only secure password is the one you can’t remember.Back then, I chose 1Password because it was the best fit for my needs; it was user friendly, it had clients for all the devices I used.
Join Transform 2021 this July 12-16. Register for the AI event of the year.
Password-management platform 1Password has announced a new breach report service for enterprises, using data from the Have I Been Pwned (HIBP) password breach database.
The launch comes as businesses around the world have been forced to embrace remote working due to the COVID-19 crisis, a scenario that could increase the risk of security breaches. According to email management service Mimecast, impersonation attacks alone surged by nearly a third during the first 100 days of the pandemic.
With 1Password’s new domain breach report offering, the company is making it easier for its business customers to identify employee accounts that have been compromised, alert impacted users, and urge them to create new passwords generated by 1Password.
Password hygiene
/cdn.vox-cdn.com/uploads/chorus_asset/file/11031347/1password_7_macbook_pro_800x463.jpg "Email")
Founded out of Toronto in 2005, 1Password is one of a number of password management services that help consumers and businesses store passwords securely, enabling them to log into myriad online services with a single click. Importantly, it helps people adhere to strong security hygiene by using unique passwords for each of their accounts — without having to remember them all.
Been Pwned
For businesses specifically, poor password hygiene is a major driving force behind security breaches, with 81% of all breaches attributed to compromised passwords. All the firewalls and Fort Knox-grade security tools in the world can’t compensate for weak employee passwords, which are all too often reused across accounts. This makes it much easier for hackers to launch attacks through “credential stuffing,” which often involves leveraging automated tools to log into people’s accounts using large lists of leaked usernames and passwords. In light of this issue, 1Password recently raised $200 million — its first outside funding — to double down on its enterprise-focused product.
HIBP is the handiwork of renowned security expert Troy Hunt, who built the database back in 2013 as an easy way for anyone to discover whether credentials for their online accounts had been discovered in a data dump on the internet. Armed with this information, users can change their passwords for any impacted accounts, along with passwords for other accounts that share the same email address and password combination. A number of third-party developers had previously integrated the HIBP database into their own apps and websites, including Mozilla’s Firefox browser, which launched a web-based security tool called Monitor back in 2018.
I've Been Pwned
Now baked directly into one of the world’s most popular password management services, HIBP seems likely to complement 1Password’s existing security tools for enterprise customers. Any business enrolled in 1Password Teams or 1Password Business will be able to create a quick report that checks all email addresses on the company’s domain against nearly 10 billion compromised accounts listed on the HIBP database.
Fixing the “password problem” has become a major focus of the broader cybersecurity movement. Israeli startup Secret Double Octopus recently raised $15 million to help companies authenticate employees without using passwords, instead tapping a multi-factor verification system that includes biometrics. Meanwhile, cloud storage giant Dropbox last week launched a new password manager, while Google revealed it was integrating its password checkup tool directly into the password manager it makes available to all Google Accounts.
VentureBeat
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more
Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You Can't Remember. I had come to the realisation that I simply had too many accounts across too many systems to ever have any chance of creating decent unique passwords I could remember. So, I set out to find a password manager and 10 Christmas holidays ago now, I spent the best 50 bucks ever: I chose 1Password way back then and without a shadow of a doubt, it has become one of the most important pieces of software I have ever used. Since that date in 2011, I doubt there's been a single day I...