Frequently Asked Questions
Answers to commonly asked questions
Strong password requirements may actually be part of the problem. The difficulty creating and remembering complicated passwords increases the temptation to reuse the same password. Read more about strong passwords.
Unfortunately, 2FA and MFA can be bypassed by hackers. Having more security layers is definitely better, but neglecting to protect passwords just weakens an essential layer. If your organization is investing in multi-factor (and the added effort that imposes on your users), allowing them to use known compromised credentials just doesn’t make sense.
The data is sourced from the public Internet and Dark Web and therein lies the problem: a cybercriminal can get this data and use it to threaten your organization. To maintain our database we use the combination of proprietary automated processes, submitted contributions and diligence of our threat intelligence team.
When we report a credential exposure, we share extensive details about what we found, including: the site where it was found, the total number of credentials in the exposure, what types of data we found (physical address, phone, etc), the format of passwords (clear text, MD5) and more. Read more in our Developer Docs.
Enzoic is designed to exceed the most stringent requirements of enterprise security professionals. The credentials in our database are encrypted and only stored in a salted and strongly hashed format where we have absolutely no way of recovering the original data. And we never store submitted data; it is kept in memory on our servers only long enough to perform the database lookup and then the memory is zeroed out at the end of the call. Read more in our Security Overview
For FAQS specific to Enzoic for Active Directory, please visit: https://www.enzoic.com/docs-enzoic-active-directory-faq/