Passwords exposed in various data breaches worldwide are publicly available as a data dump. Many times, users are not aware when their passwords are exposed in credential spilling attacks. If a breached password is being used, it may lead to a spate of cyberattacks. To prevent such incidents, Securden can periodically scan the dump and check if any of the passwords stored in the product matches with the passwords that have been exposed in known data breaches. You can configure how often Securden should check for breached passwords. Whenever usage of a breached password is detected, email alerts will be sent to administrators, auditors, respective account owners, and other specified users.
Important Note: Once you configure this, in addition to periodic checks, Securden runs this check at the time of account addition and password change events provided the product is connected to the internet.
Prerequisite: Before configuring alerts about breached passwords, you should have configured the Mail Server Settings that enable Securden to send email notifications. You can configure this from Admin >> General >> Mail Server Settings.
To configure breached passwords identification, navigate to Admin >> Notifications >> Breached Password Identification and move the toggle “Enable Breached password Identification (Periodic Check)” to green.
Who is Notified on Identifying Breached Passwords
How to Edit Breached Password Notifications
You can modify the notification settings anytime as desired from Admin >> Notifications >> Breached Passwords Identification section.