SpyCloud, an account takeover prevention solution provider, has announced its new Password Exposure API. The API allows users to comply with new NIST guidelines while preventing online fraud with a seamless user experience.
"Consumers today are managing hundreds of online accounts and logins,” Chip Witt, SpyCloud Vice President of Product Management, commented in a press release. “Rotating through a few favorite passwords that they reuse everywhere or only tweaking them by a character or two is very common. Cybercriminals take advantage of these password shortcuts and will test lists of stolen credentials against thousands of online accounts to break in and make purchases, steal funds and conduct other fraudulent activity, which can damage a company's business and reputation."
New NIST guidelines prevent organizations from allowing weak, common, and previously exposed passwords. The new SpyCloud API enhances organizations' ability to comply with this new standard. Security teams can leverage the API to programmatically check for non-compliant passwords at scale.
When a password appears in the SpyCloud database, that password is available to cybercriminals. The Password Exposure API detects if passwords have appeared in that database and how many times they have appeared. Uses can set a threshold for how many times is acceptable before change is required. SpyCloud uses k-anonymity to check password matches against the database. Only the first five characters of any password are sent via the network to help protect the password. SpyCloud never has access to an entire password.
The new API supplements SpyCloud’s APIs for Consumer ATO Prevention. Combined, the APIs provide comprehensive coverage for the lifetime of any consumer account. To learn more, visit the API site.