Password Security Assessment

|Password Security Assessment
Password Security Assessment 2017-06-29T01:31:11+00:00
Password Security Assessment
Two-Factor Authentication System
Advanced Multi-Factors Authentication
Fast ID Online Token

Password Security Assessment

passwordsecurity_812x338

Password Security

SecureMetric offers highly customizable on premise subscription based password assessment solution made for enterprises with trusted computing and encryption. This service will help enterprises to understand their weaknesses of their passwords with clear indication of area of improvement before bad incidents happen. It is easy to define strong password policies but yet the key challenge is to ensure users follow it correctly, we are here to help.

Password Assessment is important

The number one risk of any IT security architecture, no matter how thorough and extensive, remains the human factor – mainly the way users interact with the IT environment through the use of passwords.
Random sampling has shown that more than half of all passwords used in corporate environments do not satisfy even minimum- security requirements.

At least 60% of passwords used in companies do not satisfy minimum security requirements

SecureMetric offers on-premises SaaS solution for automatic and regular password strength assessment and enforcement for a wide range of systems. Our solution addresses the overwhelming issue of maintaining secured passwords in large, heterogeneous environments containing Microsoft A/D, IBM System z, SAP and more.

Combining more than a decade of authentication security experience, SecureMetric offers the unique combination of white hat hacking with authentication frame works expertise. We employs only legitimate cipher text extraction methods and therefore creates no system stability risk for the target. This solution is fully scalable and allows for simultaneous audits of millions of accounts.

Password Strength

Password policies commonly enforce length requirements and composition requirements. Their effectiveness against current password recovery attacks is very low. A policy does not restrict the use of dictionary words and known derivations, i.e. substituting the @-symbol for an “a”. The strength of a password – its resilience against attacks – can best be evaluated using structural entropy.

Attackers use different methods to recover passwords. The most commonly used is the dictionary attack. Millions of dictionary words – including literature and published passwords from password leaks on the internet – are used to create the respective hashes. These are then compared to password hashes stored on a server.

Customizable Password Assessment

Customizable Password Assessment

We assesses recovered passwords against two criteria: a customized password policy and an objective, entropy-based set of rules. It can simulate various attack methods used by cyber criminals, such as dictionary or brute force attacks.

Password Re-Use Report

Password Re-Use
Report

Recovered passwords are checked for multiple uses. A password can either be used several times by the same user on different systems or several users can use one password. Both situations pose a high security risk and are subject to risk mitigation measurements.

Notification by E-Mail

Notification
by E-Mail

Automatic notification is used to prompt users to change their passwords if these are too weak or do otherwise not comply with defined audit parameters. The same feature automatically notifies the service administrator of a completed password audit job and the availability of a report.

Audit Jobs & Job Queuing

Audit Jobs &
Job Queuing

An intelligent job and queuing system permits programmable regular password auditing with no job collisions or task planning. It is highly scalable. It can process simultaneous parallel tasks and can audit millions of accounts on different systems over a single weekend.

Made for Enterprises

Made for
Enterprises

We support more than 30 systems and databases, ranging from IBM, SAP, Oracle to Microsoft. EPAS employs only legitimate, vendor-approved methods for retrieving password data from target systems, avoiding to crash targets or the false detection of malicious activities by antivirus or malware detection tools.

Trusted Computing and Encryption

Trusted Computing and Encryption

All data out system processes is permanently encrypted. Trusted Computing is used to seal the platform. We apply various hardware and software monitoring elements to detect physical or software intrusion attempts. Security failsafe mechanisms log events and shut down in case of intrusion attempts.

Downloads

Password Security Brochure

Password Security Brochure

EPAS is a customization password assessment solution made for enterprises with trusted computing and encryption. EPAS have proven and help enterprises increase password security tremendously.

DOWNLOAD

Get in touch with us

Contact us for more information regarding our services and solutions. We have technology expert worldwide to help you with your digital security needs. Please fill in the form below and we will get in touch with you.