Skip to main content

Frequently Asked Questions

Enzoic for Active Directory

Visit our support site for all Enzoic for Active Directory FAQs

View FAQs


Visit our support site for all Enzoic APIs FAQs

View FAQs

General Enzoic FAQs

What is Enzoic?

At its core, Enzoic is a massive cloud database of exposed credential data with web-based API services that help you protect your organization from compromised credentials. Organizations using Active Directory use Enzoic to keep vulnerable passwords out of your environment.

Nearly two thirds of data breaches involve weak or stolen login credentials, with substantial damage to reputation and financial loss. Enzoic hardens the password layer to keep you secure.

The data is sourced from the public Internet and Dark Web and therein lies the problem: a cybercriminal can get this data and use it to threaten your organization. To maintain our database we use the combination of proprietary automated processes, submitted contributions and diligence of our threat intelligence team.

The Enzoic compromised credential database contains multiple billions of carefully indexed records and is consistently being updated. All that said, you should be somewhat wary of firms quoting record counts because the same credentials tend to be found repeatedly across multiple sources.

Strong password requirements may actually be part of the problem. The difficulty creating and remembering complicated passwords increases the temptation to reuse the same password. Read more about strong passwords.

Unfortunately, 2FA and MFA can be bypassed by hackers. Having more security layers is definitely better, but neglecting to protect passwords just weakens an essential layer. If your organization is investing in multi-factor (and the added effort that imposes on your users), allowing them to use known compromised credentials just doesn’t make sense.

Enzoic is designed to exceed the most stringent requirements of enterprise security professionals. The credentials in our database are encrypted and only stored in a salted and strongly hashed format where we have absolutely no way of recovering the original data. And we never store submitted data; it is kept in memory on our servers only long enough to perform the database lookup and then the memory is zeroed out at the end of the call. Read more in our Security Overview

Yes. Our cloud architecture is hosted by Amazon Web Services, the same environment used by some of the largest service providers. Typical response time for our API is sub 200 ms. Please contact us to review your high-performance and availability requirement.

You can review our API documentation here. Feel free to contact us with any questions. We appreciate feedback requests.

Get answers to common questions about Active Directory passwords here.

Learn about account takeover attacks, risks and more here.

Read about proper account takeover protection and how to defend your organization here.

Understand the basics of credential stuffing here.

Learn about cracking dictionaries and why are they so effective here.