CredVerify™: Detect. Verify. Prevent.
CredVerify™ Cloud API
CredVerify™ integrates with IAM systems and complements existing authentication and multi-factor authentication. The integration detects compromised credentials of your employees or customers during authentication by checking their credentials against a database of more than eight billion compromised credentials.
CredVerify™ On-Premise Service
CredVerify™ deploys as a hardware appliance on your network without any connectivity to the outside. The appliance stores billions of encrypted compromised credentials and is equipped with a hardware-based security - Intel® SGX or SafeNet's HSM for superior data-privacy and compliance.
Privacy & Security
CredVerify™ protects your data by using encryption and masking at all times. The credential verification happens locally on your network using Intel® SGX secure enclave. CredVerify™ uses only strong encryption to prevent tampering with potential PII and abuse by rogue admins or malicious users.
Improve Visibility of User-Centric Risk with CredVerify
Lower the risk of account takeover and credential stuffing attacks
- Block stolen credentials from being used during logon
- Outsource legal liabilities of handling breached data
- Automate response and remediation to known data breaches
NIST Password Compliance Check
VeriClouds CredVerify™ helps enforce the NIST password requirement guidelines for IdPs by screening new passwords against lists of commonly used or compromised passwords. The types of lists recommended by the NIST 800-63b, sec 5.1.1.2 Memorized Secret Verifiers guidelines include:
- Passwords obtained from previous breach corpuses
- Dictionary words
- Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’)
- Context-specific words, such as the name of the service, the username, and derivatives thereof