With nearly two-thirds (65%) of IT professionals don’t check employee credentials against common password lists, OneLogin, has developed the industry-first solution, Shield, designed to combat the top source of data breaches and emerging threat vectors: password reuse. Shield, the Google Chrome browser extension further grows OneLogin’s existing threat capabilities by protecting enterprises against password reuse, identity reuse, weak password practices and phishing.
“Time and again, end-user behaviour—specifically password reuse—emerges as the primary source of data breaches,” said Venkat Sathyamurthy, chief product officer at OneLogin. “Built with user privacy in mind, Shield empowers users to make a positive impact on the security of their enterprise in a remarkably simple and powerful way: by improving password hygiene.”
Brute force, credential stuffing and similar attacks are on the rise, making weak and reused passwords one of the biggest risks in the enterprise. Organisations are otherwise defenceless against employees reusing passwords from personal applications across their corporate applications. When employees’ personal applications are breached, cybercriminals use these compromised credentials against corporate accounts. Shield removes the friction of password management by making the low effort, high impact application available through the browser used by the vast majority of the internet, Google Chrome.
Shield is offered in both free and enterprise-grade plans. It works with any existing identity provider to provide three key capabilities:
Combat Password Reuse: alerts users when they are attempting the high-risk practice of using identical passwords across any website
Fight Weak Passwords: notifies users when they attempt to use common, insecure passwords that are easily compromised
Defend Against Phishing: identifies websites that have a high probability of fraud and attempt to trick users into entering their credentials
“Purpose-built for privacy, Shield is released as an open-source tool and does not analyse or store passwords themselves but analyses password hashes to identify password reuse,” further comments Sathyamurthy. “The enterprise-grade version offers additional functionality in the form of administrator alerts, ability to suspend user accounts if malicious activity is detected, and exports intelligence to Security Information and Event Management (SIEM) tools for additional reporting, analysis, and compliance.”
For more information on how to download Shield, visit: https://chrome.google.com/webstore/detail/shield/bichhgflghemhnolakbaikdhkbejdgam