The combination of a username and password remains the most common type of customer authentication, yet this method continues to be exploited in data leaks, credential stuffing attacks, phishing scams, and malware.
Next Identity's Password Inspector extension protects your customers—and your brand—by analyzing passwords and enforcing polices that increase security, shield against bad actors, and strengthen governance.
The Password Inspector extension is a suite of features offering granular configuration options that can be deployed globally or for specific integrations—giving your service the ability to implement custom policies that meet complex enterprise requirements.
Password Inspector available for Next Identity Journeys and Next Identity API
Password Inspector's Password History feature prevents customers from reusing passwords they've used before, reducing the likelihood that a customer uses a password that may have been involved in a breach. Password History also invalidates access tokens once the password has been changed so that a currently compromised account will lock out active malicious users.
A customer that is changing their password through Next Identity Journeys or the Next Identity API is required to choose a password that has not previously been used. The number of previously used passwords that's stored is configurable globally, or by integration.
Password History also invalidates previous access tokens once the password has been changed so a currently compromised account will lock out active malicious users.
Credential stuffing attacks rely on compromised databases to gain access to user accounts across a variety of applications. To protect your customers against this kind of attack, the Password Guard feature of Password Inspector looks up passwords in a database of known breached accounts and prevents customers from reusing that password—making it more difficult for malicious users to gain access to your customer's accounts.
Updated 6 months ago