
Breached Password Detection within Engity's Authentication Solution

Breached Password Detection Should Be a Standard Feature in Every Authentication Solution

Year after year, the steadily increasing number of passwords exposed in data leaks is shocking. In many cases, the respective username or e-mail address is compromised along with the password, so the complete login credentials are exposed and the threat is even larger.

Hundreds of millions of accounts are revealed when sites or apps become targets. Increasingly sophisticated cyberattacks, phishing attempts, and social engineering campaigns have been responsible for many security breaches that have taken place in recent years. Administrative and high-level accounts are especially popular targets for hackers.

Leaked passwords often end up for sale on the dark web. Hacking tools automatically try to steal personal information from databases. Consequently, leaked user accounts and stolen login credentials can lead to all sorts of illegal operations like fraud and theft.

As a result of these attacks, there is an ever greater need to secure the data of your IT admins and end users. Given the steadily growing global cyber threat landscape, no Identity and Access Management solution should be commissioned without built-in Leaked Password Detection as a standard feature. For Engity and its IAM solution, security is essential. That is why we offer the Breached Password Detection feature to all our customers by default.

Screenshot from Engity's demo showing the registration screen with a note that a leaked password was entered.

Engity's Breached Password Detection During Sign-Up Process

Engity's sign-up process is designed to check entered passwords against leaked password databases in the cloud that are constantly updated with new lists of compromised credentials. Those data sets are pulled from sources all over the Internet. If a newly registering user enters a compromised password, they are immediately notified and asked to use a different one. For security reasons, users are only allowed to register with a non-compromised password.

Breached Password Detection after User has Registered at Engity's Cloud Solution

If a user tries to log in with a known breached password, the login process is interrupted. A warning message is displayed, requesting the user to change their password before being able to continue. The wording and warning messages of our solution are customizable to give our customers the best possible user experience.

Login screen from Engity's demo alerting the user that their password was hacked and should be changed.

How a Leaked Password Detection Database Works

Hackers break into websites and apps to steal passwords, which is why it is important to use different passwords for different sites. Although many users are warned against using the same username and password combination for more than one account, reuse remains a common practice, and it leaves logins vulnerable on multiple sites even when only one password gets leaked. When these leaked passwords become "public" on the Internet or dark net, leaked password detection databases come into play.

A leaked password database is a combined list of login credentials (in the form of hashes) that are publicly available. Whenever security specialists, admins, or researchers observe a security breach, leaked data or other vulnerabilities, the leaked password database is updated. Exposed and discovered usernames and passwords are added to the repository and then made queryable.

Leaked password or breach databases generally get their information from multiple sources, such as security consultancies, governmental anti-cyber units, online forums and even from discovered data collections in the dark net.
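
The hash-based lookup described above, combined with the sign-up and login checks from the earlier sections, as an added example that is not Engity's code. SHA-1 as the lookup hash, the 5-character prefix query, PBKDF2 for stored account passwords, and all names and sample passwords are assumptions constructed for illustration.

```python
import hashlib, hmac, os
# Assumptions (not from the page): SHA-1 lookup hash, buckets keyed by 5 hex chars.
PREFIX_LEN = 5

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class BreachStore:
    """Holds only hashes of leaked passwords, bucketed by hash prefix."""
    def __init__(self):
        self._buckets = {}
    def add_leaked(self, password):
        # Ingest step: only the hash is kept, never the plaintext.
        h = sha1_hex(password)
        self._buckets.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])
    def suffixes(self, prefix):
        # The caller reveals a hash prefix only, not the full hash.
        return self._buckets.get(prefix, set())

def is_breached(store, password):
    h = sha1_hex(password)
    return h[PREFIX_LEN:] in store.suffixes(h[:PREFIX_LEN])

def _kdf(password, salt):
    # Account passwords use a slow salted KDF; SHA-1 is for lookup only.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)

def sign_up(store, users, name, password):
    if is_breached(store, password):
        return "rejected: password found in breach data"
    salt = os.urandom(16)
    users[name] = (salt, _kdf(password, salt))
    return "registered"

def login(store, users, name, password):
    salt, stored = users.get(name, (b"\0" * 16, b""))
    if not hmac.compare_digest(_kdf(password, salt), stored):
        return "denied"
    if is_breached(store, password):  # re-checked: the store grows over time
        return "interrupted: password change required"
    return "ok"

def demo():
    store, users, pw = BreachStore(), {}, "maple-Trolley-94-kiln"  # constructed values
    store.add_leaked("123456")
    out = [sign_up(store, users, "alice", "123456"), sign_up(store, users, "alice", pw),
           login(store, users, "alice", pw)]
    store.add_leaked(pw)  # the same password appears in a later breach
    return out + [login(store, users, "alice", pw)]
```

The last call in `demo()` shows why the check runs at login as well as at sign-up: a password that was clean at registration can enter the breach data afterwards.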

Our Security Mechanisms

Process of How New Breached Login Credentials are Added to Database

Security Should Be the Most Important Decision Point When Sourcing an Authentication Solution

Have my user credentials been breached or leaked? Engity helps you protect your user accounts by notifying the user and/or the admins when any of your users' passwords have been compromised, so you can update them.