Password Security Assessment
SecureMetric offers a highly customizable, on-premises, subscription-based password assessment solution made for enterprises, with trusted computing and encryption. This service helps enterprises understand the weaknesses of their passwords, with a clear indication of areas for improvement, before incidents happen. It is easy to define strong password policies; the key challenge is ensuring that users follow them correctly. We are here to help.
The number one risk of any IT security architecture, no matter how thorough and extensive, remains the human factor – mainly the way users interact with the IT environment through the use of passwords.
Random sampling has shown that more than half of all passwords used in corporate environments do not satisfy even minimum security requirements.
At least 60% of passwords used in companies do not satisfy minimum security requirements
SecureMetric offers an on-premises SaaS solution for automatic and regular password strength assessment and enforcement for a wide range of systems. Our solution addresses the overwhelming issue of maintaining secure passwords in large, heterogeneous environments containing Microsoft A/D, IBM System z, SAP and more.
Combining more than a decade of authentication security experience, SecureMetric offers the unique combination of white hat hacking with authentication framework expertise. We employ only legitimate ciphertext extraction methods and therefore create no system stability risk for the target. This solution is fully scalable and allows for simultaneous audits of millions of accounts.
Password policies commonly enforce length requirements and composition requirements. Their effectiveness against current password recovery attacks is very low. Such a policy does not restrict the use of dictionary words and known derivations, e.g. substituting the @ symbol for an “a”. The strength of a password – its resilience against attacks – can best be evaluated using structural entropy.
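The gap described above, shown as an added example (not SecureMetric or EPAS code): a password can pass a length and composition policy and still be a derivation of a dictionary word. The wordlist, substitution table and function names are constructed for illustration, and the check does not compute structural entropy.

```python
import re

# Constructed sample wordlist; a real audit would load a large dictionary
# plus published leaked-password lists.
WORDLIST = {"password", "welcome", "summer", "dragon", "admin"}

# Common character substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})


def meets_policy(pw, min_len=8):
    """Typical length + composition policy: lower, upper, digit, symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)


def dictionary_base(pw, max_affix=6):
    """Return the wordlist entry the password derives from, or None.

    Strips up to max_affix leading/trailing characters (years, "!", ...)
    and undoes common substitutions on what remains.
    """
    lowered = pw.lower()
    for lead in range(max_affix + 1):
        for trail in range(max_affix + 1):
            core = lowered[lead:len(lowered) - trail]
            for form in (core, core.translate(LEET)):
                if form in WORDLIST:
                    return form
    return None


def audit(pw):
    """Return (policy_ok, base_word) for one candidate password."""
    return meets_policy(pw), dictionary_base(pw)


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd2024!", "Summer#1", "kV9#tLq2&xWz"):
        ok, base = audit(pw)
        verdict = f"derived from '{base}'" if base else "no dictionary base"
        print(f"{pw:15} policy={'pass' if ok else 'fail'}  {verdict}")
```

The first two samples satisfy the policy yet reduce to a wordlist entry; only the third passes both checks.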
Attackers use different methods to recover passwords. The most commonly used is the dictionary attack. Millions of dictionary words – including literature and published passwords from password leaks on the internet – are used to create the respective hashes. These are then compared to password hashes stored on a server.
Customizable Password Assessment
We assess recovered passwords against two criteria: a customized password policy and an objective, entropy-based set of rules. The solution can simulate various attack methods used by cyber criminals, such as dictionary or brute force attacks.
Recovered passwords are checked for multiple uses. A password can either be used several times by the same user on different systems or several users can use one password. Both situations pose a high security risk and are subject to risk mitigation measures.
Automatic notification is used to prompt users to change their passwords if these are too weak or otherwise do not comply with defined audit parameters. The same feature automatically notifies the service administrator of a completed password audit job and the availability of a report.
Audit Jobs &
An intelligent job and queuing system permits programmable regular password auditing with no job collisions or task planning. It is highly scalable. It can process simultaneous parallel tasks and can audit millions of accounts on different systems over a single weekend.
We support more than 30 systems and databases, ranging from IBM, SAP and Oracle to Microsoft. EPAS employs only legitimate, vendor-approved methods for retrieving password data from target systems, which avoids crashing targets or triggering false detection of malicious activity by antivirus or malware detection tools.
Trusted Computing and Encryption
All data our system processes is permanently encrypted. Trusted Computing is used to seal the platform. We apply various hardware and software monitoring elements to detect physical or software intrusion attempts. Security failsafe mechanisms log events and shut down in case of intrusion attempts.
Password Security Brochure
EPAS is a customizable password assessment solution made for enterprises, with trusted computing and encryption. EPAS is proven and helps enterprises increase password security tremendously.